diff options
Diffstat (limited to 'results/classifier/deepseek-r1:32b')
1088 files changed, 33442 insertions, 0 deletions
diff --git a/results/classifier/deepseek-r1:32b/analysis.csv b/results/classifier/deepseek-r1:32b/analysis.csv new file mode 100644 index 000000000..25b59b6d7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/analysis.csv @@ -0,0 +1,4 @@ +category, count +instruction, 98 +runtime, 12 +manual-review, 1 diff --git a/results/classifier/deepseek-r1:32b/categories.csv b/results/classifier/deepseek-r1:32b/categories.csv new file mode 100644 index 000000000..a66597726 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/categories.csv @@ -0,0 +1,5 @@ +category, count +instruction, 156 +manual-review, 40 +runtime, 273 +syscall, 74 diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1022 b/results/classifier/deepseek-r1:32b/output/instruction/1022 new file mode 100644 index 000000000..d81aef62e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1022 @@ -0,0 +1,36 @@ + + + +RISC-V: Simulation terminated with seg fault when encountering `vsra.vx` +Description of problem: +QEMU simulation terminated with segmentation fault. Here is the backtrace of the simulation + +``` +(gdb) r +Starting program: qemu/build/qemu-riscv64 -cpu rv64,vext_spec=v1.0,v=true,Zfh=true,Zve32f=true,Zve64f=true,vlen=128 -B 0x100000 a.out +Missing separate debuginfos, use: yum debuginfo-install glibc-2.28-164.el8_5.3.x86_64 +[Thread debugging using libthread_db enabled] +Using host libthread_db library "/lib64/libthread_db.so.1". +[New Thread 0x7ffff4edd700 (LWP 3239772)] + +Thread 1 "qemu-riscv64" received signal SIGSEGV, Segmentation fault. +0x00007fffe8004fad in code_gen_buffer () +Missing separate debuginfos, use: yum debuginfo-install glib2-2.56.4-156.el8.x86_64 gmp-6.1.2-10.el8.x86_64 gnutls-3.6.16-4.el8.x86_64 libffi-3.1-22.el8.x86_64 libidn2-2.2.0-1.el8.x86_64 libtasn1-4.13-3.el8.x86_64 libunistring-0.9.9-3.el8.x86_64 p11-kit-0.23.22-1.el8.x86_64 pcre-8.42-6.el8.x86_64 +(gdb) bt +#0 0x00007fffe8004fad in code_gen_buffer () +#1 0x00005555556a0b9b in cpu_tb_exec (tb_exit=<synthetic pointer>, itb=<optimized out>, cpu=0x7fffe8005000 <code_gen_buffer+20435>) at ../accel/tcg/cpu-exec.c:358 +#2 cpu_loop_exec_tb (tb_exit=<synthetic pointer>, last_tb=<synthetic pointer>, tb=<optimized out>, cpu=0x7fffe8005000 <code_gen_buffer+20435>) at ../accel/tcg/cpu-exec.c:848 +#3 cpu_exec (cpu=cpu@entry=0x555555eed3d0) at ../accel/tcg/cpu-exec.c:1007 +#4 0x00005555555e6d30 in cpu_loop (env=0x555555ef56f0) at ../linux-user/riscv/cpu_loop.c:37 +#5 0x00005555555df9f7 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../linux-user/main.c:909 +``` +Steps to reproduce: +1. Checkout to QEMU's latest master (`ec11dc41eec5142b4776db1296972c6323ba5847`) +2. `mkdir build ; cd build ; ../configure ; make -j24` +3. `qemu-riscv64 -cpu rv64,vext_spec=v1.0,v=true,Zfh=true,Zve32f=true,Zve64f=true,vlen=128 -B 0x100000 ./a.out` +Additional information: +Attaching code (output.c) and binary (a.out) + +[a.out](/uploads/0ecfb436a439619527ef645bdc781a48/a.out) + +[output.c](/uploads/cd492b4c9468f0b48412e76e7f6fcf91/output.c) diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1028 b/results/classifier/deepseek-r1:32b/output/instruction/1028 new file mode 100644 index 000000000..cda1046c4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1028 @@ -0,0 +1,37 @@ + + + +Assert fail for RISC-V RVV vmv.v.x for e64, vl == vl_max on RV32 guest +Description of problem: +assert message: +qemu/tcg/tcg-op-gvec.c:1714: tcg_gen_gvec_dup_i32: Assertion `vece <= MO_32' failed. + +For a e64 vmv.v.x, in the file trans_rvv.c.inc, function "trans_vmv_v_x", when s->vl_eq_vlmax is true, then "tcg_gen_gvec_dup_tl" (it's defined to tcg_gen_gvec_dup_i32 for RV32) is called. In "tcg_gen_gvec_dup_i32" the assert "tcg_debug_assert(vece <= MO_32) will be triggered, since vece == MO_64 for e64. +Steps to reproduce: +1.enable cfg.Zve64f + +2.Prepare a problem as set e64, vl == vl_max and use vmv.v.x, maybe as below +``` + li t0, -1, + vsetvli x0, t0, e64,m1,tu,mu + li t1, -1 + vmv.v.x v0, t1 +``` +Additional information: +Below is a possible solution if it's appropriate. +``` +#if TARGET_LONG_BITS == 32 + if (s->sew == 3) { + TCGv_i64 s1_i64 = tcg_temp_new_i64(); + tcg_gen_ext_tl_i64(s1_i64, s1); + tcg_gen_gvec_dup_i64(s->sew, vreg_ofs(s, a->rd), + MAXSZ(s), MAXSZ(s), s1_i64); + tcg_temp_free_i64(s1_i64); + } else { +#endif + tcg_gen_gvec_dup_tl(s->sew, vreg_ofs(s, a->rd), + MAXSZ(s), MAXSZ(s), s1); +#if TARGET_LONG_BITS == 32 + } +#endif +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1051 b/results/classifier/deepseek-r1:32b/output/instruction/1051 new file mode 100644 index 000000000..fcbf675c2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1051 @@ -0,0 +1,4 @@ + + + +or1k tcg SIGILL diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1054812 b/results/classifier/deepseek-r1:32b/output/instruction/1054812 new file mode 100644 index 000000000..8b1d033c4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1054812 @@ -0,0 +1,8 @@ + + + +Configure uses wrong libtool on Darwin + +On Darwin/OS X, there are two versions of libtool: the GNU libtool, and Apple's libtool. Both are installed, but Apple's libtool (libtool) won't build libcacard that Qemu uses, but Gnu's libtool (glibtool) does. I get around using Apple's libtool by passing LIBTOOL=glibtool when configuring; unfortunately this variable isn't preserved so when Qemu's configure changes it's not passed. A simple switch in the configure script could check for Darwin, then if present, use glibtool. Or configure could check the features of libtool, see if they can build libcacard, then look for alternatives like glibtool. + +This bug was probably introduced when libcacard was added to Qemu, and is present in commit 93b6599734f81328ee3d608f57667742cafeea72. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1086 b/results/classifier/deepseek-r1:32b/output/instruction/1086 new file mode 100644 index 000000000..56d70a3b2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1086 @@ -0,0 +1,72 @@ + + + +Numpy/scipy test suites fails in QEMU on ppc64le (but not on aarch64) +Description of problem: +I'm not really qualified to report this problem, but after being affected by it for ~2 years (and QEMU 7 not fixing things), I decided to give it a shot. Please excuse reporting deficiencies, I'll endeavour to fix them as best I can once pointed out. + +In my spare time, I help out for the packaging effort in the [conda-forge](https://conda-forge.org/) ecosystem, which is mostly associated/attached to the python world, but - in contrast to the vanilla python tools - also deals with non-python dependencies, and in particular has strong enough abstractions to deal with ABI-issues and generally provides much better integration than the packages on PyPI. + +This strength of abstraction has also allowed conda-forge to publish artefacts for many more architectures than most projects are commonly able to provide precompiled binaries for. Due to the lack of (reliable) public CI for aarch64 & ppc64le, these packages are mostly cross-compiled from linux-x86. Where cross compilation is not possible, the packages are compiled in emulation through QEMU, coming through https://github.com/multiarch/qemu-user-static (this is the part of the infrastructure I don't fully understand myself...). The full infrastructure is somewhat involved, but should not be relevant (hopefully) to the issue at hand (see instructions below) - and even if that turns out to be the case, that would be a great information gain as well. + +In either case, the tests for the package (ideally comprising the entire upstream test suite) are then run in emulation. + +Two of the so-called "feedstocks" I co-maintain are for [numpy](https://github.com/conda-forge/numpy-feedstock) and [scipy](https://github.com/conda-forge/scipy-feedstock), and there have been persistent issues with running the test suite in emulation on PPC (interestingly, the same setup on a different architecture - aarch64 - has no problems). However, the compiled artefacts on PPC run fine on native hardware. + +Said otherwise, it appears numpy/scipy are exercising QEMU enough to uncover some bugs. I've seen similar problems also in other packages (e.g. the cvxpy-stack), reinforcing the impression that this is a QEMU issue, and not one on the level of the individual packages. + +Depending on the exact combination of python version, the result of the numpy test suite might be as follows: +``` +320 failed, 18900 passed, 361 skipped, 36 xfailed, 9 xpassed, 144 warnings in 2516.49s (0:41:56) +``` + +Looking at the test failures, sometimes the results are garbage +``` +> assert_array_max_ulp(x, x+eps, maxulp=20) +E AssertionError: Arrays are not almost equal up to 20 ULP (max difference is 8.55554e+08 ULP) + +eps = 1.1920929e-07 +self = <numpy.testing.tests.test_utils.TestULP object at 0x401ec8beb0> +x = array([ 2.3744986e-38, nan, 2.2482052e-15, 7.5780330e+28, + nan, nan, 5.8310814e+29, -5.6511531e+24, + 1.0010809e+00, 1.0101526e+00], dtype=float32) +``` +sometimes the values are permuted +``` +> assert_array_equal(actual, desired) +E AssertionError: +E Arrays are not equal +E +E x and y nan location mismatch: +E x: array([0.000000e+00, 6.704092e-39, 9.000000e+00, 2.350989e-38, +E 0.000000e+00, 0.000000e+00, 0.000000e+00, 0.000000e+00, +E 6.772341e-39, nan], dtype=float32) +E y: array([6.704092e-39, 6.772341e-39, 0.000000e+00, 0.000000e+00, +E 0.000000e+00, 0.000000e+00, nan, 2.350989e-38, +E 2.000000e+00, 7.000000e+00], dtype=float32) +``` +sometimes the results are fundamentally different (zero vs. non-zero) +``` +> raise AssertionError(msg) +E AssertionError: +E Arrays are not almost equal to 6 decimals +E +E Mismatched elements: 72 / 216 (33.3%) +E Max absolute difference: 1. +E Max relative difference: 1. +E x: array([[[[[0., 0., 0.], +E [0., 0., 0.], +E [0., 0., 0.]],... +E y: array([[[[[1., 0., 0.], +E [0., 1., 0.], +E [0., 0., 1.]],... +``` + +I don't know where it goes wrong, but it's not just a little tolerance violation. One PR that illustrates this is [here](https://github.com/conda-forge/numpy-feedstock/pull/274) and the respective CI run is [here](https://dev.azure.com/conda-forge/feedstock-builds/_build/results?buildId=526218&view=results) (ignore the errors for osx-arm64, those are unrelated). +Steps to reproduce: +1. In an emulated ppc64 machine, install miniforge from [here](https://github.com/conda-forge/miniforge/releases/latest/download/Miniforge3-Linux-ppc64le.sh) +2. Run `conda create -n test_env numpy pytest cython hypothesis typing_extensions` and then `conda activate test_env` +3. Run `python -c "import numpy; numpy.test()"` +4. Pick any test that fails and run it as `python -c "import numpy; numpy.test(tests='x.y.z')"` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1092 b/results/classifier/deepseek-r1:32b/output/instruction/1092 new file mode 100644 index 000000000..60c305b43 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1092 @@ -0,0 +1,17 @@ + + + +PPC: `sraw` instructions does not set `ca` and `ca32` flags. +Description of problem: +The translation of Power PC instruction `sraw` and `sraw.` don't set the `ca` or `ca32` flags although, according to +[PowerISA 3.1b](https://files.openpower.foundation/s/dAYSdGzTfW4j2r2) (page 140), they should. +Additional information: +This gets particular apparent if compared to `srawi` (which does set `ca`, `ca32`). + +**sraw** + +https://gitlab.com/qemu-project/qemu/-/blob/master/target/ppc/translate.c#L2914 + +**srawi** + +https://gitlab.com/qemu-project/qemu/-/blob/master/target/ppc/translate.c#L2924 diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1095857 b/results/classifier/deepseek-r1:32b/output/instruction/1095857 new file mode 100644 index 000000000..c82825908 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1095857 @@ -0,0 +1,14 @@ + + + +incorrect handling of [r32] address (long mode) + +while executing in Long Mode (x86-64) instructions such as + +mov eax,[r15d] + +end up executing as + +mov eax,[r15] + +according to x86 programmer manuals the behavior of using the Address-Size override (in long mode) is supposed to ignore the high 32bits of the register. I use this fact in my operating system to reduce register usage (the high 32 bits of r15 holds other data). consequently a general protection exception occurs since the memory address isn't "canonical". this error doesn't always appear since the high 32 bits might not be zero in those conditions. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1129571 b/results/classifier/deepseek-r1:32b/output/instruction/1129571 new file mode 100644 index 000000000..dc66da3bb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1129571 @@ -0,0 +1,17 @@ + + + +libreoffice armhf FTBFS + +We have been experiencing FTBFS of LibreOffice 3.5.7, 12.04, armhf in the launchpad buildds. We believe this is likely due to an error in qemu. + +While we do not have a small test case yet, we do have a build log (attaching here). + +The relevant snippet from the build log is: + +3.5.7/solver/unxlngr.pro/bin/jaxp.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/juh.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/parser.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/xt.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/unoil.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/ridl.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/jurt.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/xmlsearch.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/LuceneHelpWrapper.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/HelpIndexerTool.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/lucene-core-2.3.jar:/build/buildd/libreoffice-3.5.7/solver/unxlngr.pro/bin/lucene-analyzers-2.3.jar" com.sun.star.help.HelpIndexerTool -lang cs -mod swriter -zipdir ../../unxlngr.pro/misc/ziptmpswriter_cs -o ../../unxlngr.pro/bin/swriter_cs.zip.unxlngr.pro +dmake: Error code 132, while making '../../unxlngr.pro/bin/swriter_cs.zip' + +We believe this is from bash error code 128 + 4, where 4 is illegal instruction, thus leading us to suspect qemu. + +Any help in tracking this down would be appreciated. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1156 b/results/classifier/deepseek-r1:32b/output/instruction/1156 new file mode 100644 index 000000000..76296a60b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1156 @@ -0,0 +1,4 @@ + + + +Incorrect implementation of vmsumudm instruction diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1178 b/results/classifier/deepseek-r1:32b/output/instruction/1178 new file mode 100644 index 000000000..ffe5b226f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1178 @@ -0,0 +1,4 @@ + + + +is that riscv64 `feq.s` only should consider the lowest 32-bits. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1245543 b/results/classifier/deepseek-r1:32b/output/instruction/1245543 new file mode 100644 index 000000000..6ca865d95 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1245543 @@ -0,0 +1,26 @@ + + + +Wrong implementation of SSE4.1 pmovzxbw and similar instructions + +QEMU 1.5.0 (and git version, as far as I can tell from the source code) has incorrect implementation of pmovzxbw and similar SSE4.1 instructions. The instruction zero-extends the first 8 8-bit elements of a vector to 16bit vector and puts them to another vector. The current implementation applies this operation only to the first element and zeros out the rest. + +To verify, compile the attached program for SSE4.1 (g++ -msse4.1 cvtint.cc). On real hardware, it produces the following output: + +$ ./a.out +1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 0 + +On QEMU, the output is as follows: + +$ ./a.out +1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 + +QEMU is invoked as: + +qemu-system-x86_64 \ + -M pc -cpu Haswell,+sse4.1,+avx,+avx2,+fma,enforce -m 512 \ + -serial stdio -no-reboot \ + -kernel vmlinuz -initrd initrd.img \ + -netdev user,id=user.0 -device rtl8139,netdev=user.0 -redir tcp:2222::22 \ + -hda ubuntu-amd64.ext3 \ + --append "rw console=tty root=/dev/sda" \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1248168 b/results/classifier/deepseek-r1:32b/output/instruction/1248168 new file mode 100644 index 000000000..06b56a323 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1248168 @@ -0,0 +1,27 @@ + + + +MIPS, self-modifying code and uncached memory + +Self-modifying code does not work properly in MIPS in uncached and unmapped kseg1 memory region. + +For example, when running this code I get unexpected behavior: + + 0: e3000010 b 0x390 + 4: 00000000 nop + ... + 380: 00701f40 mfc0 ra,c0_epc + 384: 0400e0bb swr zero,4(ra) + 388: 18000042 eret + 38c: 00000000 nop + 390: 25500000 move t2,zero + 394: 02000b34 li t3,0x2 + 398: 23504b01 subu t2,t2,t3 + 39c: e9003c0b j 0xcf003a4 + 3a0: 0a004a21 addi t2,t2,10 + 3a4: ffff0010 b 0x3a4 + 3a8: 00000000 nop + 3ac: 00000000 nop + + I expect that swr instruction in line 384 would change `addi t2,t2,1`0 to `nop` +This should work because no cache is used for this memory region. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1251 b/results/classifier/deepseek-r1:32b/output/instruction/1251 new file mode 100644 index 000000000..a9c329191 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1251 @@ -0,0 +1,18 @@ + + + +Octeon Instruction BBIT Bug +Steps to reproduce: +1. Compile 64bit binary for Octeon with Octeon instructions +`mips64-octeon-linux-gnu-gcc -o hello hello.c` +2. Run with `qemu-mips64` +`qemu-mips64 -cpu Octeon68XX hello` +3. Get the output below: +``` +qemu: uncaught target signal 4 (Illegal instruction) - core dumped +Illegal instruction +``` +Additional information: +I have a patch for this that I will be submitting to trivial-patches. This is not enough to emulate Octeon specific binaries alone. For small binaries mapping the `CVMSEG_LM = 0xFFFFFFFFFFFF8000 - 0xFFFFFFFFFFFF9FFF` to empty RAM and using this patch is enough. There are additional support issues for `N32` binaries that will require a separate issue. + +[hello](/uploads/d8b5e631508fd232b4a7b3a40f7e08f6/hello) diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1254786 b/results/classifier/deepseek-r1:32b/output/instruction/1254786 new file mode 100644 index 000000000..315e2004c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1254786 @@ -0,0 +1,45 @@ + + + +qemu-m68k-static: illegal instruction ebc0 during debootstrap second stage + +Host: Ubuntu Precise amd64 +Guest: Debian (ports) sid m68k + +$ sudo qemu-debootstrap --no-check-gpg --arch=m68k sid m68k http://ftp.debian-ports.org/debian +I: Running command: debootstrap --arch m68k --foreign --no-check-gpg sid m68k http://ftp.debian-ports.org/debian +[...] +I: Running command: chroot m68k /debootstrap/debootstrap --second-stage +qemu: fatal: Illegal instruction: ebc0 @ f67e5662 +D0 = 6ffffef5 A0 = f67fbf58 F0 = 0000000000000000 ( 0) +D1 = 0000010a A1 = 00000000 F1 = 0000000000000000 ( 0) +D2 = 0000000f A2 = 00000000 F2 = 0000000000000000 ( 0) +D3 = 00000000 A3 = f67e0000 F3 = 0000000000000000 ( 0) +D4 = 00000000 A4 = 00000000 F4 = 0000000000000000 ( 0) +D5 = 00000000 A5 = f67fc000 F5 = 0000000000000000 ( 0) +D6 = 00000000 A6 = f6fff7cc F6 = 0000000000000000 ( 0) +D7 = 00000000 A7 = f6fff580 F7 = 0000000000000000 ( 0) +PC = f67e5662 SR = 0000 ----- FPRESULT = 0 +Aborted (core dumped) + +ProblemType: Bug +DistroRelease: Ubuntu 12.04 +Package: qemu-user-static 1.0.50-2012.03-0ubuntu2.1 +ProcVersionSignature: Ubuntu 3.8.0-33.48~precise1-generic 3.8.13.11 +Uname: Linux 3.8.0-33-generic x86_64 +NonfreeKernelModules: wl +ApportVersion: 2.0.1-0ubuntu17.6 +Architecture: amd64 +Date: Mon Nov 25 16:08:26 2013 +Dependencies: + +InstallationMedia: Ubuntu 12.04.3 LTS "Precise Pangolin" - Release amd64 (20130820.1) +MarkForUpload: True +ProcEnviron: + LANGUAGE=en_GB:en + TERM=xterm + PATH=(custom, no user) + LANG=en_GB.UTF-8 + SHELL=/bin/bash +SourcePackage: qemu-linaro +UpgradeStatus: No upgrade log present (probably fresh install) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1267955 b/results/classifier/deepseek-r1:32b/output/instruction/1267955 new file mode 100644 index 000000000..f18f0c665 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1267955 @@ -0,0 +1,45 @@ + + + +[i386] Parity Flag Not Set On xor %eax,%eax + +Tested against qemu-1.7.0 as well as qemu-1.7.50 on Debian Sid + +Steps To Reproduce + +$ cat > prog.hex << EOF + +7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 +02 00 03 00 01 00 00 00 54 80 04 08 34 00 00 00 +00 00 00 00 00 00 00 00 34 00 20 00 01 00 28 00 +00 00 00 00 01 00 00 00 00 00 00 00 00 80 04 08 +00 80 04 08 76 00 00 00 76 00 00 00 05 00 00 00 +00 10 00 00 + +31 c0 +9c + +b8 04 00 00 00 +bb 01 00 00 00 +89 e1 +ba 04 00 00 00 +cd 80 + +b8 01 00 00 00 +bb 00 00 00 00 +cd 80 + +EOF + +$ xxd -p -r prog.hex > prog +$ chmod 700 prog + +$ ./prog | hexdump -vC +00000000 46 02 00 00 |F...| +00000004 + +$ qemu-i386 ./prog | hexdump -vC +00000000 42 02 00 00 |B...| +00000004 + +On the other hand if [xor %eax, %eax] (31 c0) is replaced with sub %eax,%eax (29 c0), then the parity flag is set correctly. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1283519 b/results/classifier/deepseek-r1:32b/output/instruction/1283519 new file mode 100644 index 000000000..c65570d39 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1283519 @@ -0,0 +1,13 @@ + + + +PowerPC altivec rounding instructions vrfi(m|n|z)not correctly mapped + +When using ppc-linux-user/qemu-ppc on a ppc ELF executable, I see that QEMU wrongly recognizes the vrfim, vrfin and vrfiz instructions: + +If the binary contains vrfim QEMU sees vrfiz +If the binary contains vrfin QEMU sees vrfim +If the binary contains vrfiz QEMU sees vrfin +The vrfip instruction is correctly recognized. + +Those instructions normally round a floating-point altivec vector to zero (z), infinity (p), minus infinity (m) or nearest (n). \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1308381 b/results/classifier/deepseek-r1:32b/output/instruction/1308381 new file mode 100644 index 000000000..0560b9306 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1308381 @@ -0,0 +1,17 @@ + + + +illegal instructions for AArch64 ARMv8 + +The test case is in the attachment. To reproduce as following (I tried both GCC and Clang): +$aarch64-linux-gnu-gcc qemu.c -o test +$./test +qemu: uncaught target signal 4 (Illegal instruction) - core dumped +Illegal instruction (core dumped) + +There are 3 intrinsics are tested in the test case: vqmovunh_s16, vqmovuns_s32, vqmovund_s64. They will be compiled into instructions: +SQXTUN Bd, Hn +SQXTUN Hd, Sn +SQXTUN Sd, Dn. + +It seems that these instructions are not supported in QEMU. Is this a bug? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1328996 b/results/classifier/deepseek-r1:32b/output/instruction/1328996 new file mode 100644 index 000000000..418a4353a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1328996 @@ -0,0 +1,6 @@ + + + +[AArch64] - blr x30 is handled incorrectly + +Whenever x30 is used as the operand for blr, the result will be incorrect. There is no restriction on using x30 (LR) with the blr instruction in the ARMv8 manual. There are two statically linked 64-bit executables in files.tar.gz: good and bad. The executable "good" uses "blr x9", and the output is what is expected: "func". The executable "bad" uses "blr x30" and nothing is printed out. It prints "func" on the actual device. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1339 b/results/classifier/deepseek-r1:32b/output/instruction/1339 new file mode 100644 index 000000000..dd0af5e85 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1339 @@ -0,0 +1,19 @@ + + + +RVV vfncvt.rtz.x.f.w Assertion failed +Description of problem: +when execute +``` +vsetvli t0, x0, e16, m1 +vfncvt.rtz.x.f.w v0, v4 +``` +report error: + +qemu-riscv64: ../target/riscv/translate.c:212: decode_save_opc: Assertion \`ctx->insn_start != NULL' failed. Segmentation fault (core dumped) +Steps to reproduce: +1. write the code +2. compile +3. excute +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1370 b/results/classifier/deepseek-r1:32b/output/instruction/1370 new file mode 100644 index 000000000..da284a401 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1370 @@ -0,0 +1,16 @@ + + + +x86 BLSI and BLSR semantic bug +Description of problem: +The result of instruction BLSI and BLSR is different from the CPU. The value of CF is different. +Steps to reproduce: +1. Compile this code +``` +void main() { + asm("blsi rax, rbx"); +} +``` +2. Execute and compare the result with the CPU. The value of `CF` is exactly the opposite. This problem happens with BLSR, too. +Additional information: +This bug is discovered by research conducted by KAIST SoftSec. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1371 b/results/classifier/deepseek-r1:32b/output/instruction/1371 new file mode 100644 index 000000000..a77c0b1fe --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1371 @@ -0,0 +1,22 @@ + + + +x86 BLSMSK semantic bug +Description of problem: +The result of instruction BLSMSK is different with from the CPU. The value of CF is different. +Steps to reproduce: +1. Compile this code +``` +void main() { + asm("mov rax, 0x65b2e276ad27c67"); + asm("mov rbx, 0x62f34955226b2b5d"); + asm("blsmsk eax, ebx"); +} +``` +2. Execute and compare the result with the CPU. + - CPU + - CF = 0 + - QEMU + - CF = 1 +Additional information: +This bug is discovered by research conducted by KAIST SoftSec. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1372 b/results/classifier/deepseek-r1:32b/output/instruction/1372 new file mode 100644 index 000000000..ded24a388 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1372 @@ -0,0 +1,23 @@ + + + +x86 BEXTR semantic bug +Description of problem: +The result of instruction BEXTR is different with from the CPU. The value of destination register is different. I think QEMU does not consider the operand size limit. +Steps to reproduce: +1. Compile this code +``` +void main() { + asm("mov rax, 0x17b3693f77fb6e9"); + asm("mov rbx, 0x8f635a775ad3b9b4"); + asm("mov rcx, 0xb717b75da9983018"); + asm("bextr eax, ebx, ecx"); +} +``` +2. Execute and compare the result with the CPU. + - CPU + - RAX = 0x5a + - QEMU + - RAX = 0x635a775a +Additional information: +This bug is discovered by research conducted by KAIST SoftSec. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1373 b/results/classifier/deepseek-r1:32b/output/instruction/1373 new file mode 100644 index 000000000..d31e7a28e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1373 @@ -0,0 +1,23 @@ + + + +x86 ADOX and ADCX semantic bug +Description of problem: +The result of instruction ADOX and ADCX are different from the CPU. The value of one of EFLAGS is different. +Steps to reproduce: +1. Compile this code +``` +void main() { + asm("push 512; popfq;"); + asm("mov rax, 0xffffffff84fdbf24"); + asm("mov rbx, 0xb197d26043bec15d"); + asm("adox eax, ebx"); +} +``` +2. Execute and compare the result with the CPU. This problem happens with ADCX, too (with CF). + - CPU + - OF = 0 + - QEMU + - OF = 1 +Additional information: +This bug is discovered by research conducted by KAIST SoftSec. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1374 b/results/classifier/deepseek-r1:32b/output/instruction/1374 new file mode 100644 index 000000000..f23fdda34 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1374 @@ -0,0 +1,25 @@ + + + +x86 BZHI semantic bug +Description of problem: +The result of instruction BZHI is different from the CPU. The value of destination register and SF of EFLAGS are different. +Steps to reproduce: +1. Compile this code +``` +void main() { + asm("mov rax, 0xb1aa9da2fe33fe3"); + asm("mov rbx, 0x80000000ffffffff"); + asm("mov rcx, 0xf3fce8829b99a5c6"); + asm("bzhi rax, rbx, rcx"); +} +``` +2. Execute and compare the result with the CPU. + - CPU + - RAX = 0x0x80000000ffffffff + - SF = 1 + - QEMU + - RAX = 0xffffffff + - SF = 0 +Additional information: +This bug is discovered by research conducted by KAIST SoftSec. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1375 b/results/classifier/deepseek-r1:32b/output/instruction/1375 new file mode 100644 index 000000000..62948b02a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1375 @@ -0,0 +1,22 @@ + + + +x86 SSE/SSE2/SSE3 instruction semantic bugs with NaN +Description of problem: +The result of SSE/SSE2/SSE3 instructions with NaN is different from the CPU. From Intel manual Volume 1 Appendix D.4.2.2, they defined the behavior of such instructions with NaN. But I think QEMU did not implement this semantic exactly because the byte result is different. +Steps to reproduce: +1. Compile this code +``` +void main() { + asm("mov rax, 0x000000007fffffff; push rax; mov rax, 0x00000000ffffffff; push rax; movdqu XMM1, [rsp];"); + asm("mov rax, 0x2e711de7aa46af1a; push rax; mov rax, 0x7fffffff7fffffff; push rax; movdqu XMM2, [rsp];"); + asm("addsubps xmm1, xmm2"); +} +``` +2. Execute and compare the result with the CPU. This problem happens with other SSE/SSE2/SSE3 instructions specified in the manual, Volume 1 Appendix D.4.2.2. + - CPU + - xmm1[3] = 0xffffffff + - QEMU + - xmm1[3] = 0x7fffffff +Additional information: +This bug is discovered by research conducted by KAIST SoftSec. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1376 b/results/classifier/deepseek-r1:32b/output/instruction/1376 new file mode 100644 index 000000000..f6ab4a57f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1376 @@ -0,0 +1,18 @@ + + + +x86 LSL and LAR fault +Description of problem: +From the description of LSL and LAR instructions in manual, `If the segment descriptor cannot be accessed or is an invalid type for the instruction, the ZF flag is cleared and no value is loaded in the destination operand.`. When it happens at the CPU, it seems they do nothing (nop). However, in QEMU, it crashes. +Steps to reproduce: +1. Compile this code +``` +void main() { + asm("mov rax, 0xa02e698e741f5a6a"); + asm("mov rbx, 0x20959ddd7a0aef"); + asm("lsl ax, bx"); +} +``` +2. Execute. QEMU crashes but CPU does not. This problem happens with LAR, too. +Additional information: +This bug is discovered by research conducted by KAIST SoftSec. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1404690 b/results/classifier/deepseek-r1:32b/output/instruction/1404690 new file mode 100644 index 000000000..7ef62aa3c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1404690 @@ -0,0 +1,41 @@ + + + +Qemu crashes with chrooted m68k + +I'm using qemu-m68k 2.2.0 to chroot into a m68k coldfire linux, which works fine on the coldfire machine. + +I've been able to use binfmt_msc and used the above code to use qemu with strace: + +#include <unistd.h> +#include <string.h> + +int main(int argc, char **argv, char **envp) { + char *newargv[argc + 4]; + + newargv[0] = argv[0]; + newargv[1] = "-cpu"; + newargv[2] = "cfv4e"; + newargv[3] = "-strace"; + + memcpy(&newargv[4], &argv[1], sizeof(*argv) * (argc - 1)); + newargv[argc + 3] = NULL; + return execve("/usr/bin/qemu-m68k", newargv, envp); +} + +Everything works fine. I can run bash, busybox, ash, but when I try to run a ls or just type an invalid command, I got the attached sequence of messages, which end like so: + +11351 waitpid(-1,0xf6fffa00,0x3) = -1 errno=10 (No child processes) +qemu: fatal: Illegal instruction: 0000 @ f6fffa30 +D0 = ffffffff A0 = f67dcf50 F0 = 0000000000000000 ( 0) +D1 = 0000000a A1 = f66e0898 F1 = 0000000000000000 ( 0) +D2 = f6fffaa8 A2 = f67df268 F2 = 0000000000000000 ( 0) +D3 = 00000000 A3 = 00000000 F3 = 0000000000000000 ( 0) +D4 = 00000008 A4 = 800026c4 F4 = 0000000000000000 ( 0) +D5 = 00000000 A5 = f67d98e0 F5 = 0000000000000000 ( 0) +D6 = f6fffaa8 A6 = f6fffa7c F6 = 0000000000000000 ( 0) +D7 = 00000002 A7 = f6fffa24 F7 = 0000000000000000 ( 0) +PC = f6fffa30 SR = 0000 ----- FPRESULT = 0 +Aborted + +How can I debug it further to try to figure out if this is a qemu issue or not? Thanks \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1428352 b/results/classifier/deepseek-r1:32b/output/instruction/1428352 new file mode 100644 index 000000000..860650387 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1428352 @@ -0,0 +1,47 @@ + + + +SYSRET instruction incorrectly implemented + +The Intel architecture manual states that when returning to user mode, the SYSRET instruction will re-load the stack selector (%ss) from the IA32_STAR model specific register using the following logic: + +SS.Selector <-- (IA32_STAR[63:48]+8) OR 3; (* RPL forced to 3 *) + +Another description of the instruction behavior which shows the same logic in a slightly different form can also be found here: + +http://tptp.cc/mirrors/siyobik.info/instruction/SYSRET.html + +[...] + SS(SEL) = IA32_STAR[63:48] + 8; + SS(PL) = 0x3; +[...] + +In other words, the value of the %ss register is supposed to be loaded from bits 63:48 of the IA32_STAR model-specific register, incremented by 8, and then ORed with 3. ORing in the 3 sets the privilege level to 3 (user). This is done since SYSRET returns to user mode after a system call. + +However, helper_sysret() in target-i386/seg_helper.c does not do the "OR 3" step. The code looks like this: + + cpu_x86_load_seg_cache(env, R_SS, selector + 8, + 0, 0xffffffff, + DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | + DESC_S_MASK | (3 << DESC_DPL_SHIFT) | + DESC_W_MASK | DESC_A_MASK); + +It should look like this: + + cpu_x86_load_seg_cache(env, R_SS, (selector + 8) | 3, + 0, 0xffffffff, + DESC_G_MASK | DESC_B_MASK | DESC_P_MASK | + DESC_S_MASK | (3 << DESC_DPL_SHIFT) | + DESC_W_MASK | DESC_A_MASK); + +The code does correctly set the privilege level bits for the code selector register (%cs) but not for the stack selector (%ss). + +The effect of this is that when SYSRET returns control to the user-mode caller, %ss will be have the privilege level bits cleared. In my case, it went from 0x2b to 0x28. This caused a crash later: when the user-mode code was preempted by an interrupt, and the interrupt handler would do an IRET, a general protection fault would occur because the %ss value being loaded from the exception frame was not valid for user mode. (At least, I think that's what happened.) + +This behavior seems inconsistent with real hardware, and also appears to be wrong with respect to the Intel documentation, so I'm pretty confident in calling this a bug. :) + +Note that this issue seems to have been around for a long time. I discovered it while using QEMU 2.2.0, but I happened to have the sources for QEMU 0.10.5, and the problem is there too (in os_helper.c). I am using FreeBSD/amd64 9.1-RELEASE as my host system, without KVM. + +The fix is fairly simple. I'm attaching a patch which worked for me. Using this fix, the code that I'm testing now behaves the same on the QEMU virtual machine as on real hardware. + +- Bill (<email address hidden>) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1441 b/results/classifier/deepseek-r1:32b/output/instruction/1441 new file mode 100644 index 000000000..9aaffc7f3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1441 @@ -0,0 +1,37 @@ + + + +Assertion failure when executing RISC-V vfncvt.rtz.x.f.w instruction +Description of problem: +When emulating the `vfncvt.rtz.x.f.w` instruction, QEMU crashes with an assertion failure at `target/riscv/translate.c:211`, complaining that ```decode_save_opc: Assertion `ctx->insn_start != NULL' failed.``` + +It appears this problem first emerged with https://gitlab.com/qemu-project/qemu/-/commit/a9814e3e08d2aacbd9018c36c77c2fb652537848 +Steps to reproduce: +The following C program triggers the assertion failure when built a sufficiently recent version of the Clang cross compiler (in my case 15.0.6): +``` +/* test.c */ +#include <riscv_vector.h> + +#define LEN 4 + +int main(int argc, char *argv[]) { + double in[LEN]; + int out[LEN]; + + vfloat64m1_t vf = vle64_v_f64m1(in, LEN); + vint32mf2_t vi = vfncvt_rtz_x_f_w_i32mf2(vf, LEN); + vse32_v_i32mf2(out, vi, LEN); + + return 0; +} +``` + +The above `test.c` can be compiled and run as follows: +``` +clang -O3 -march=rv64gcv -static test.c +qemu-riscv64 -cpu "rv64,zba=true,zbb=true,zbc=true,zbs=true,v=true,vlen=512,elen=64,vext_spec=v1.0" a.out +qemu-riscv64: ../target/riscv/translate.c:211: decode_save_opc: Assertion `ctx->insn_start != NULL' failed. +Segmentation fault (core dumped) +``` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1452 b/results/classifier/deepseek-r1:32b/output/instruction/1452 new file mode 100644 index 000000000..d0390a57f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1452 @@ -0,0 +1,4 @@ + + + +Tricore: support for shuffle and syscall instruction diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1469342 b/results/classifier/deepseek-r1:32b/output/instruction/1469342 new file mode 100644 index 000000000..31e8630a1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1469342 @@ -0,0 +1,6 @@ + + + +qemu-i386 pentium3/athlon incorrect instruction set + +Running a binary containing a movsd instruction (SSE2) in 32-bit qemu-i386 -cpu pentium3 from 20150609 results in flawless execution whereas it should crash with SIGILL as P3 only had SSE. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1471 b/results/classifier/deepseek-r1:32b/output/instruction/1471 new file mode 100644 index 000000000..670b1af3c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1471 @@ -0,0 +1,19 @@ + + + +16fc5726a6 breaks curl SSL connections +Description of problem: +`./qemu-x86_64 /path/to/curl-amd64 https://news.bbc.co.uk` should work, just as `./qemu-aarch64 /path/to/curl-aarch64 https://news.bbc.co.uk` does. However, commit 16fc5726a6e296b3f63acec537c299c1dc49d6c4 broke this (determined via `git bisect`). +Steps to reproduce: +1. Checkout and build `qemu` commit 16fc5726a6e296b3f63acec537c299c1dc49d6c4 +2. On an aarch64 host system, download the amd64 build of `curl` from https://github.com/moparisthebest/static-curl/releases/tag/v7.87.0 +3. Run `./qemu-x86_64 /path/to/curl-amd64 https://news.bbc.co.uk` +4. Observe the following error message: + +``` +curl: (35) error:1416D07B:SSL routines:tls_process_key_exchange:bad signature +``` + +Note that the `aarch64` equivalent works just fine. As does the previous commit using `amd64`. + +Also note, this bug is also present at current tip (13356edb87506c148b163b8c7eb0695647d00c2a). diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1512 b/results/classifier/deepseek-r1:32b/output/instruction/1512 new file mode 100644 index 000000000..ff48c0904 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1512 @@ -0,0 +1,4 @@ + + + +AVX/AVX2 not correcly detected in user mode diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1536 b/results/classifier/deepseek-r1:32b/output/instruction/1536 new file mode 100644 index 000000000..252246abf --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1536 @@ -0,0 +1,19 @@ + + + +Test programs that use the vextractbm, vextracthm, vextractwm, or vextractdm instructions fail on qemu-ppc64 (but not qemu-ppc64le) +Description of problem: +Some of the test programs that use the vextractbm, vextracthm, vextractwm, or vextractdm instructions fail on qemu-ppc64 (but not qemu-ppc64le). +Steps to reproduce: +1. Download the vsx_mask_extract_runnable_test_030723.c test program from https://gist.githubusercontent.com/johnplatts/db0e9f6683e85e9288fde5c031b3c0e5/raw/ccfb8170f3e613398750830451eebb362875493d/vsx_mask_extract_runnable_test_030723.c. +2. Install the ppc64 gcc cross-compiler and required libraries, which can be done using the ```sudo apt install build-essential gdb-multiarch g++-12-powerpc64-linux-gnu binutils-powerpc64-linux-gnu binutils-powerpc64-linux-gnu-dbg libc6-ppc64-cross libstdc++6-ppc64-cross``` command on Ubuntu 22.04. +3. Compile the vsx_mask_extract_runnable_test_030723.c test program downloaded in step 1 using the ```powerpc64-linux-gnu-gcc-12``` cross-compiler with the ```-mcpu=power10``` option. +4. Execute the program compiled in step 3 using the ```QEMU_LD_PREFIX=/usr/powerpc64-linux-gnu qemu-ppc64 -cpu power10 ./vsx_mask_extract_runnable_test_030723``` command. + +The issue can also be reproduced by compiling Google Highway and running its unit tests as follows: +1. Clone the Google Highway git repository by running the ```git clone https://github.com/google/highway.git google_highway``` command. +2. Create a ```hwy_ppcbe10_build``` directory inside of the ```google_highway``` directory created in step #1. +3. In the ```hwy_ppc10be_build``` directory created in the previous step, execute the following commands: + - ```CC=powerpc64-linux-gnu-gcc-12 CXX=powerpc64-linux-gnu-g++-12 cmake .. -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_COMPILER_TARGET="powerpc64-linux-gnu" -DCMAKE_CXX_COMPILER_TARGET="powerpc64-linux-gnu" -DCMAKE_CROSSCOMPILING=true -DCMAKE_CROSSCOMPILING_EMULATOR='/usr/local/bin/qemu-ppc64;-cpu;power10' -DCMAKE_C_FLAGS='-mcpu=power10 -DHWY_DISABLED_TARGETS=6918373452571213824' -DCMAKE_CXX_FLAGS='-mcpu=power10 -DHWY_DISABLED_TARGETS=6918373452571213824'``` + - ```QEMU_LD_PREFIX=/usr/powerpc64-linux-gnu make``` + - ```QEMU_LD_PREFIX=/usr/powerpc64-linux-gnu ctest -j``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1547 b/results/classifier/deepseek-r1:32b/output/instruction/1547 new file mode 100644 index 000000000..879730151 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1547 @@ -0,0 +1,15 @@ + + + +POWER9 emulation is broken when compiler optimizations are on (for gcc 11.3 and later) +Description of problem: +Comparing two floating point memory operands produces incorrect result +Steps to reproduce: +1. Unpack attached archive and change to test_p64 directory +2. Build the source file with: powerpc64le-linux-gnu-g++ -O2 -static test.cpp -o test_p64 +3. Run with QEMU: qemu-ppc64le -cpu POWER9 test_p64 > output.txt +4. Check the output text file output.txt (with pluma or any other text editor) to see the printouts +Additional information: +The pre-built binary and its output file are attached as test_p64.tar.gz[test_p64.tar.gz](/uploads/0e9dbc22e6841496efc15775e6aa624a/test_p64.tar.gz) + +The purpose of this report is to motivate the creation of a point release QEMU 6.2.1 for Ubuntu 22.04 LTS (which will be supported for years to come). Also cross-linking similar bug report for MIPS with exact same goal: https://gitlab.com/qemu-project/qemu/-/issues/1531 diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1553 b/results/classifier/deepseek-r1:32b/output/instruction/1553 new file mode 100644 index 000000000..89fab3c5f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1553 @@ -0,0 +1,15 @@ + + + +Build error: implicit declaration of function 'qemu_close_to_socket' +Description of problem: +When build the latest master code with MSYS2 on Windows 10, GCC reports: +../ui/spice-core.c: In function 'watch_remove': +../ui/spice-core.c:152:5: error: implicit declaration of function 'qemu_close_to_socket' [-Werror=implicit-function-declaration] + 152 | qemu_close_to_socket(watch->fd); + | ^~~~~~~~~~~~~~~~~~~~ +../ui/spice-core.c:152:5: error: nested extern declaration of 'qemu_close_to_socket' [-Werror=nested-externs] +Steps to reproduce: +1. ./configure --enable-sdl --enable-gtk --target-list=arm-softmmu,aarch64-softmmu +2. cd build +3. make diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1574346 b/results/classifier/deepseek-r1:32b/output/instruction/1574346 new file mode 100644 index 000000000..59fce0e2b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1574346 @@ -0,0 +1,15 @@ + + + +TCG: mov to segment register is incorrectly emulated for AMD CPUs + +In TCG mode, the effect of: + +xorl %eax, %eax +movl %eax, %gs + +is to mark the GS segment unusable and set its base to zero. After doing this, reading MSR_GS_BASE will return zero and using a GS prefix in long mode will treat the GS base as zero. + +This is correct for Intel CPUs but is incorrect for AMD CPUs. On an AMD CPU, writing 0 to %gs using mov, pop, or (I think) lgs will leave the base unchanged. + +To make it easier to use TCG to validate behavior on different CPUs, please consider changing the TCG behavior to match actual CPU behavior when emulating an AMD CPU. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1590336 b/results/classifier/deepseek-r1:32b/output/instruction/1590336 new file mode 100644 index 000000000..5f78ff54e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1590336 @@ -0,0 +1,18 @@ + + + +qemu-arm does not reject vrintz on non-v8 cpu + +Hello, + +It seems that qemu-arm does not reject some v8-only instructions as it should, but executes them "correctly". + +For instance, while compiling/running some of the GCC ARM instrinsics tests, we noticed that +vrintz should be rejected on cortex-a9 for instance, while it is executed as if the instruction was supported. + +objdump says: + 1074c: f3fa05a0 vrintz.f32 d16, d16 +and qemu -d in_asm says: +0x0001074c: f3fa05a0 vabal.u<illegal width 64> q8, d26, d16 + +The problem is still present in qemu-2.6.0 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1594069 b/results/classifier/deepseek-r1:32b/output/instruction/1594069 new file mode 100644 index 000000000..2d47150c2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1594069 @@ -0,0 +1,11 @@ + + + +SIMD instructions translated to scalar host instructions + +SIMD instructions inside the guest (NEON, MMX, SSE, SSE2, AVX) are translated to scalar instructions on the host instead of SIMD instructions. It appears that there have been a few efforts to rectify this [1], and even a submitted patch series, but all discussion has effectively died out [2]. + +I would like to see better SIMD performance on qemu, especially as non-x86 architectures are becoming widely used (e.g. ARM). + +[1] http://dl.acm.org/citation.cfm?id=2757098&dl=ACM&coll=DL&CFID=633095244&CFTOKEN=12352103 +[2] https://lists.nongnu.org/archive/html/qemu-devel/2014-10/msg01720.html \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1605123 b/results/classifier/deepseek-r1:32b/output/instruction/1605123 new file mode 100644 index 000000000..f79f6cadd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1605123 @@ -0,0 +1,31 @@ + + + +PEXT returns wrong values, seemingly switches arguments + +Hi, + +I fiddled with BMI2 instructions and discovered that pext instructions +emulated with "qemu-x86_64 -cpu Haswell" return the wrong value. It +seemingly switches up its arguments. I suspect that the error is around the +gen_helper_pext(...) call in target-i386/translate.c. I checked helper_pext +in target-i386/int_helper.c and it works fine. + +I ran my program on a CPU with BMI2 instruction set too, and it indeed +returns different values. + +I didn't check pdep, it could have the same problem. + +$ qemu-x86_64 --version +qemu-x86_64 version 2.6.50 (v2.6.0-2095-ge66b05e-dirty), Copyright (c) 2003-2008 Fabrice Bellard + +$ uname -a +Linux lenard-hp 4.3.0-1-amd64 #1 SMP Debian 4.3.5-1 (2016-02-06) x86_64 GNU/Linux + +I compiled the attached file with the command line "gcc -o main -g -mbmi2 main.c". + +$ gcc --version +gcc (Debian 5.4.0-6) 5.4.0 20160609 + +Best regards, +Lénárd Szolnoki \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1606 b/results/classifier/deepseek-r1:32b/output/instruction/1606 new file mode 100644 index 000000000..6f678ad0f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1606 @@ -0,0 +1,32 @@ + + + +riscv: fence.i is not functional +Description of problem: +The attached user-level test is designed to do the following (in iteration): + + - Thread P0 on CPU0 changes some text/code, while + + - Thread P1 on CPU1 checks/reads the code, fence.i, then executes the same code. + +Results (in stdout) indicates that CPU1 has read the new code (1:x5=a009) but executed the old one (1:x7=1) (against the specification). +Steps to reproduce: +1. echo 2 > /proc/sys/vm/nr_hugepages +2. ./CoRF+fence.i +Additional information: +Example output: +```[CoRF+fence.i.c](/uploads/c150ca0910783cc4bfc3886789b64c28/CoRF+fence.i.c) +Test CoRF+fence.i Allowed +Histogram (4 states) +25784 :>1:x5=0xa009; 1:x7=2; +24207 *>1:x5=0xa009; 1:x7=1; <-- THIS LINE +8 :>1:x5=0xa019; 1:x7=1; +1 :>1:x5=0xa019; 1:x7=2; +Ok +Witnesses +Positive: 24207 Negative 25793 +Condition exists (1:x5=0xa009 /\ 1:x7=1) is validated +Observation CoRF+fence.i Sometimes 24207 25793 +Time CoRF+fence.i 0.85 +Hash= +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1611394 b/results/classifier/deepseek-r1:32b/output/instruction/1611394 new file mode 100644 index 000000000..0e397a201 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1611394 @@ -0,0 +1,32 @@ + + + +qemu-ppc: Scalar Single-Precision Floating-Point instructions should not test MSR[SPV] + +According to "Signal Processing Engine (SPE) Programming Environments Manual" at +http://cache.nxp.com/files/32bit/doc/ref_manual/SPEPEM.pdf?fsrch=1&sr=1&pageNum=1 + +c.f section 4.2.3 and also Figure 2-2. + +When MSR[SPV] is _NOT_ set, then the embedded scalar single-precision floating-point instructions +should _NOT_ generate an Embedded Floating-Point Unavailable Interrupt. + + +Hence, some tests for MSR[SPV] in file target-ppc/translate.c need to be removed. +Namely, in the definitions of +1. GEN_SPEFPUOP_ARITH2_32_32 +2. gen_efsabs +3. gen_efsnabs +4. gen_efsneg +5. GEN_SPEFPUOP_COMP_32 + +Note, the macro GEN_SPEFPUOP_CONV_32_32 is already correct. + +One more thing, afaict the macro GEN_SPEFPUOP_CONV_32_64 is used by both +efs- and efd- instructions, and will need to be split in two versions. +The efs-use (i.e for efscfd) should be as it is today, but the use by efd-instructions +(e.g efdctui) will need to add a test for MSR[SPV]. + + + +(I've looked at today's HEAD-revision of target-ppc/translate.c). \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1612 b/results/classifier/deepseek-r1:32b/output/instruction/1612 new file mode 100644 index 000000000..076536677 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1612 @@ -0,0 +1,54 @@ + + + +SVE first-faulting gather loads return incorrect data +Description of problem: +The results of `ldff1(b|h|w|d)` seem to be incorrect when `<Zt> == <Zm>`. The first element is duplicated throughout the vector while the FFR indicates that all elements were successfully loaded. This happens since https://gitlab.com/qemu-project/qemu/-/commit/50de9b78cec06e6d16e92a114a505779359ca532, and still happens on the latest master. +Steps to reproduce: +1. This assembly sequence loads data with an `ldff1d` instruction (and also loads the ffr). Note that with `ldff1d`, `<Zt> == <Zm>`. + +asmtest.s +``` + .type asmtest, @function + .balign 16 + .global asmtest +asmtest: + setffr + ptrue p0.d + index z1.d, #0, #1 + ldff1d z1.d, p0/z, [x0, z1.d, LSL #3] + rdffr p1.b + st1d {z1.d}, p0, [x1] + str p1, [x2] + ret +``` + +This harness for convenience intialises some data and checks the element at index 1, which should be 1. + +test.c +``` +#include <arm_sve.h> +#include <stdio.h> + +void asmtest(int64_t const * data, svint64_t * loaded, svbool_t * ffr); + +int main() { + const int64_t data[] = {42, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, + 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, + 22, 23, 24, 25, 26, 27, 28, 29, 30, 31}; + svint64_t loaded; + svbool_t ffr; + + asmtest(data, &loaded, &ffr); + + // Check value of element at index 1 + svuint64_t lanes = svindex_u64(0, 1); + svbool_t lane = svcmpeq_n_u64(svptrue_b64(), lanes, 1); + printf("%ld\n", svaddv_s64(lane, loaded)); +} +``` + +2. ```clang-15 -fuse-ld=lld -march=armv8-a+sve2 -target aarch64-unknown-linux-gnu -static *.c *.s -o svldffgathertest``` +3. ```qemu-aarch64 svldffgathertest``` - the value printed should be 1, but it can be seen that all values in the loaded vector are 42. +Additional information: +The above code was successfully tested on real SVE hardware. Normal gathers work fine in QEMU, as does a non-gather first-fault load. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1613817 b/results/classifier/deepseek-r1:32b/output/instruction/1613817 new file mode 100644 index 000000000..f631772b2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1613817 @@ -0,0 +1,59 @@ + + + +x86: ret, lret and iret with noncanonical IP saves wrong IP on the exception stack + +This test program: + +# compile with: gcc -nostartfiles -nostdlib +_start: .globl _start + mov %ss,%eax + push %rax + push %rsp + pushf + mov %cs,%eax + push %rax + mov $0x1234567812345678,%rax + push %rax +//qemu bug: ip=1234567812345678, should be ip=0000000000400abc: + iretq +1: + jmp 1b + +should segfault on IRET instruction because return address on stack is invalid +(it is not canonical). And it does, both on native CPU and in qemu. +But there is a difference: on native CPU, it fails before instruction is executed, +IOW: saved IP points to the failed IRET: + +# strace -i ./bad_ip_in_iret +[00007fa609805d57] execve("./bad_ip_in_iret", ["./bad_ip_in_iret"], [/* 54 vars */]) = 0 +[00000000004000e7] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} --- + ^^^^^^^^^^^^^^^^-NOTE THIS +[????????????????] +++ killed by SIGSEGV (core dumped) +++ + + +In qemu, evidently instruction succeeds, and then emulated CPU throws an exception because fetching instructions from non-canonical addresses is not allowed: + +/ # strace -i ./bad_ip_in_iret +[000000000041a790] execve("./bad_ip_in_iret", ["./bad_ip_in_iret"], [/* 5 vars */]) = 0 +[1234567812345678] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} --- + ^^^^^^^^^^^^^^^^-NOTE THIS +[????????????????] +++ killed by SIGSEGV +++ +Segmentation fault + +Thus, the emulation is not the same as real CPU. + +This is not specific to IRET, the same happens with "far return" LRET, +and with ordinary RET instructions as well. +In qemu: + +/ # strace -i ./bad_ip_in_lret +[000000000041a790] execve("./bad_ip_in_lret", ["./bad_ip_in_lret"], [/* 5 vars */]) = 0 +[1234567812345678] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} --- +[????????????????] +++ killed by SIGSEGV +++ +Segmentation fault +/ # strace -i ./bad_ip_in_ret +[000000000041a790] execve("./bad_ip_in_ret", ["./bad_ip_in_ret"], [/* 5 vars */]) = 0 +[1234567812345678] --- SIGSEGV {si_signo=SIGSEGV, si_code=SI_KERNEL, si_addr=0} --- +[????????????????] +++ killed by SIGSEGV +++ +Segmentation fault \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1620 b/results/classifier/deepseek-r1:32b/output/instruction/1620 new file mode 100644 index 000000000..e286fd225 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1620 @@ -0,0 +1,97 @@ + + + +SME FMOPA outer product instruction gives incorrect result +Description of problem: +The SME outer product instructions operate on tiles of elements. In the +below example we are performing an outer product of a vector of 1.0 +by itself. This naturally should produce a matrix filled with 1.0 +values, however if we read the values of the tile and printf them we +instead observe 0.0 values. + +Without digging into the underlying QEMU code this appears to be a bug +in how elements are set based on the tile number, since the same code +using za0.s rather than za1.s correctly reports all 1.0 values as output +as expected. + +main.c +``` +#include <stdio.h> + +void foo(float *dst); + +int main() { + float dst[16]; + foo(dst); + + // This should print: + // >>> 1.000000 1.000000 1.000000 1.000000 + // >>> 1.000000 1.000000 1.000000 1.000000 + // >>> 1.000000 1.000000 1.000000 1.000000 + // >>> 1.000000 1.000000 1.000000 1.000000 + for (int i=0; i<4; ++i) { + printf(">>> "); + for (int j=0; j<4; ++j) { + printf("%lf ", (double)dst[i * 4 + j]); + } + printf("\n"); + } +} +``` + +foo.S +``` +.global foo +foo: + stp x29, x30, [sp, -80]! + mov x29, sp + stp d8, d9, [sp, 16] + stp d10, d11, [sp, 32] + stp d12, d13, [sp, 48] + stp d14, d15, [sp, 64] + + smstart + + ptrue p0.s, vl4 + fmov z0.s, #1.0 + + // An outer product of a vector of 1.0 by itself should be a matrix of 1.0. + // Note that we are using tile 1 here (za1.s) rather than tile 0. + zero {za} + fmopa za1.s, p0/m, p0/m, z0.s, z0.s + + // Read the first 4x4 sub-matrix of elements from tile 1: + // Note that za1h should be interchangable here. + mov w12, #0 + mova z0.s, p0/m, za1v.s[w12, #0] + mova z1.s, p0/m, za1v.s[w12, #1] + mova z2.s, p0/m, za1v.s[w12, #2] + mova z3.s, p0/m, za1v.s[w12, #3] + + // And store them to the input pointer (dst in the C code): + st1w {z0.s}, p0, [x0] + add x0, x0, #16 + st1w {z1.s}, p0, [x0] + add x0, x0, #16 + st1w {z2.s}, p0, [x0] + add x0, x0, #16 + st1w {z3.s}, p0, [x0] + + smstop + + ldp d8, d9, [sp, 16] + ldp d10, d11, [sp, 32] + ldp d12, d13, [sp, 48] + ldp d14, d15, [sp, 64] + ldp x29, x30, [sp], 80 + ret +``` +Steps to reproduce: +``` +$ clang -target aarch64-linux-gnu -march=armv9-a+sme test.c -O1 -static +$ ~/qemu/build/qemu-aarch64 ./a.out +>>> 0.000000 0.000000 0.000000 0.000000 +>>> 0.000000 0.000000 0.000000 0.000000 +>>> 0.000000 0.000000 0.000000 0.000000 +>>> 0.000000 0.000000 0.000000 0.000000 +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1637 b/results/classifier/deepseek-r1:32b/output/instruction/1637 new file mode 100644 index 000000000..75c917c47 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1637 @@ -0,0 +1,4 @@ + + + +Crash when executing `ucomiss` instructions emulating an x86-64 CPU on an AArch64 host diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1641637 b/results/classifier/deepseek-r1:32b/output/instruction/1641637 new file mode 100644 index 000000000..82d651dca --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1641637 @@ -0,0 +1,716 @@ + + + +incorrect illegal SSE3 instructions reporting on x86_64 + +Hi all, we found 28 differently encoded illegal SSE3 instructions reporting on the most recent x86_64 user mode linux qemu (version 2.7.0). We believe these reporting should be incorrect because the same code can be executed on a real machine. The instructions are the following: + +pabsb %mm0, %mm1 +pabsb %xmm0, %xmm1 +pabsd %mm0, %mm1 +pabsd %xmm0, %xmm1 +pabsw %mm0, %mm1 +pabsw %xmm0, %xmm1 +phaddd %mm0, %mm1 +phaddd %xmm0, %xmm1 +phaddsw %mm0, %mm1 +phaddsw %xmm0, %xmm1 +phaddw %mm0, %mm1 +phaddw %xmm0, %xmm1 +phsubd %mm0, %mm1 +phsubd %xmm0, %xmm1 +phsubsw %mm0, %mm1 +phsubsw %xmm0, %xmm1 +phsubw %mm0, %mm1 +phsubw %xmm0, %xmm1 +pmaddubsw %mm0, %mm1 +pmaddubsw %xmm0, %xmm1 +pmulhrsw %mm0, %mm1 +pmulhrsw %xmm0, %xmm1 +psignb %mm0, %mm1 +psignb %xmm0, %xmm1 +psignd %mm0, %mm1 +psignd %xmm0, %xmm1 +psignw %mm0, %mm1 +psignw %xmm0, %xmm1 + +The following is the proof of code + +/********** Beginning of bug 1.c: pabsb %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("pabsb %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 1.c **********/ + + +/********** Beginning of bug 2.c: pabsb %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("pabsb %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 2.c **********/ + + +/********** Beginning of bug 3.c: pabsd %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("pabsd %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 3.c **********/ + + +/********** Beginning of bug 4.c: pabsd %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("pabsd %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 4.c **********/ + + +/********** Beginning of bug 5.c: pabsw %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("pabsw %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 5.c **********/ + + +/********** Beginning of bug 6.c: pabsw %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("pabsw %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 6.c **********/ + + +/********** Beginning of bug 7.c: phaddd %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("phaddd %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 7.c **********/ + + +/********** Beginning of bug 8.c: phaddd %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("phaddd %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 8.c **********/ + + +/********** Beginning of bug 9.c: phaddsw %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("phaddsw %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 9.c **********/ + + +/********** Beginning of bug 10.c: phaddsw %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("phaddsw %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 10.c **********/ + + +/********** Beginning of bug 11.c: phaddw %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("phaddw %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 11.c **********/ + + +/********** Beginning of bug 12.c: phaddw %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("phaddw %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 12.c **********/ + + +/********** Beginning of bug 13.c: phsubd %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("phsubd %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 13.c **********/ + + +/********** Beginning of bug 14.c: phsubd %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("phsubd %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 14.c **********/ + + +/********** Beginning of bug 15.c: phsubsw %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("phsubsw %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 15.c **********/ + + +/********** Beginning of bug 16.c: phsubsw %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("phsubsw %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 16.c **********/ + + +/********** Beginning of bug 17.c: phsubw %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("phsubw %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 17.c **********/ + + +/********** Beginning of bug 18.c: phsubw %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("phsubw %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 18.c **********/ + + +/********** Beginning of bug 19.c: pmaddubsw %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char i2[0x10]; +unsigned char i3[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm0\n"::"r"((char *)(i2)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i3)));; + asm("pmaddubsw %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 19.c **********/ + + +/********** Beginning of bug 20.c: pmaddubsw %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char i2[0x10]; +unsigned char i3[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i2)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i3)));; + asm("pmaddubsw %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 20.c **********/ + + +/********** Beginning of bug 21.c: pmulhrsw %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("pmulhrsw %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 21.c **********/ + + +/********** Beginning of bug 22.c: pmulhrsw %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("pmulhrsw %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 22.c **********/ + + +/********** Beginning of bug 23.c: psignb %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("psignb %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 23.c **********/ + + +/********** Beginning of bug 24.c: psignb %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("psignb %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 24.c **********/ + + +/********** Beginning of bug 25.c: psignd %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("psignd %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 25.c **********/ + + +/********** Beginning of bug 26.c: psignd %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("psignd %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 26.c **********/ + + +/********** Beginning of bug 27.c: psignw %mm0, %mm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movq (%%rdx), %%mm1\n"::"r"((char *)(i1)));; + asm("psignw %mm0, %mm1"); + asm("mov %0, %%rdx\n" + "movq %%mm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 27.c **********/ + + +/********** Beginning of bug 28.c: psignw %xmm0, %xmm1 **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char i1[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm0\n"::"r"((char *)(i0)));; + asm("mov %0, %%rdx\n" + "movdqu (%%rdx), %%xmm1\n"::"r"((char *)(i1)));; + asm("psignw %xmm0, %xmm1"); + asm("mov %0, %%rdx\n" + "movdqu %%xmm1, (%%rdx)\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} + +/********** End of bug 28.c **********/ + +For any of the above code, when compiled into x86-64 binary code with gcc, qemu reports the illegal instructions bug. However, these can be correctly executed on a real machine. For example, + +$ gcc 28.c -o 28 +$ qemu-x86_64 ./28 +qemu: uncaught target signal 4 (Illegal instruction) - core dumped +Illegal instruction +$ ./28 +00000000000000000000000000000000 + +Some information about the system: + +$ qemu-x86_64 --version +qemu-x86_64 version 2.7.0, Copyright (c) 2003-2016 Fabrice Bellard and the QEMU Project developers +$ uname -a +Linux cgos-System-Product-Name 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux +$ gcc --version +gcc (Ubuntu 4.8.4-2ubuntu1~14.04) 4.8.4 +Copyright (C) 2013 Free Software Foundation, Inc. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + + +Thanks! \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1642 b/results/classifier/deepseek-r1:32b/output/instruction/1642 new file mode 100644 index 000000000..acf88a9a1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1642 @@ -0,0 +1,25 @@ + + + +Qemu aarch64 tcg crashes when emulating an STXP instruction but only on a Windows host +Description of problem: +Qemu segfaults when trying to emulate an STXP instruction, but only when running natively on a windows host (msys2 build). This is not the same as https://gitlab.com/qemu-project/qemu/-/issues/1581. + +I've managed to git-bisect it to this change: https://github.com/qemu/qemu/commit/546789c7df8866c55cae8d3195e8e58328a35d51 +Sadly i cannot investigate it further and contribute a fix, but it seems like a problem with one of the I128 arguments to `helper_atomic_cmpxchgo_le ` + +UPD: Issue is also in master (as of `caa9cbd566877b34e9abcc04d936116fc5e0ab28`) +Steps to reproduce: +N/A +Additional information: +``` +Thread 9 received signal SIGSEGV, Segmentation fault. +0x00007ff67efc32dc in helper_atomic_cmpxchgo_le (env=0x24796b08c10, addr=18446684150325987376, oldv=46236672343829145701101521005152, newv=2595395441251766838621186119693696, oi=3650) at ../accel/tcg/atomic_common.c.inc:60 +60 CMPXCHG_HELPER(cmpxchgo_le, Int128) +(gdb) bt +#0 0x00007ff67efc32dc in helper_atomic_cmpxchgo_le (env=0x24796b08c10, + addr=18446684150325987376, oldv=46236672343829145701101521005152, + newv=2595395441251766838621186119693696, oi=3650) at ../accel/tcg/atomic_common.c.inc:60 +#1 0x00000247a124f73d in ?? () + +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1701821 b/results/classifier/deepseek-r1:32b/output/instruction/1701821 new file mode 100644 index 000000000..b144d8c9b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1701821 @@ -0,0 +1,217 @@ + + + +floating-point operation bugs in qemu-sh4 + +When running the gnulib testsuite, I'm seeing test failures in the tests for libm functions + asinf + cbrtf + copysignf + coshf + expm1f + fabsf + floor + fmaf + ldexpf + logbf + round + roundf + sinhf + tanhf + +How to reproduce: +- Using gnulib, run ./gnulib-tool --create-testdir --dir=../testdir-math --single-configure asinf cbrtf copysignf coshf expm1f fabsf floor fma fmaf fmal ldexpf logbf round roundf sinhf tanhf +- Set environment variables for using qemu-sh4. +- cd testdir-math; mkdir build-sh4; cd build-sh4; ./configure --host=sh4-linux; make; make check + +Here are the failures (from the file testdir-math/build-sh4/gltests/test-suite.log): + + +FAIL: test-asinf +================ + +pc=0xf6751cdc sr=0x00000101 pr=0xf6758e86 fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf6751cd6 fpul=0x3f19999a +r0=0xf6751d88 r1=0x00000000 r2=0x00080000 r3=0x00000000 +r4=0xf6ffe21c r5=0xf6ffe230 r6=0xf6ffe2fc r7=0x00000000 +r8=0x3f19999a r9=0x3f19999a r10=0x00000000 r11=0x00000000 +r12=0xf67ab008 r13=0x00000000 r14=0x00000000 r15=0xf6ffe230 +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +Unhandled trap: 0x180 +FAIL test-asinf (exit status: 1) + +FAIL: test-cbrtf +================ + +pc=0x00400980 sr=0x00000001 pr=0x00400684 fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0x00400960 fpul=0x00000000 +r0=0x00400ae8 r1=0x00412070 r2=0x3f19999a r3=0xf6ffe2c0 +r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000 +r8=0x00412064 r9=0x00400960 r10=0x00000000 r11=0x00000000 +r12=0xf671dc58 r13=0x00000000 r14=0x00000000 r15=0xf6ffe21c +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +Unhandled trap: 0x180 +FAIL test-cbrtf (exit status: 1) + +FAIL: test-copysignf +==================== + +pc=0x004004ce sr=0x00000001 pr=0xf668d28c fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0xf6674678 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0x004004d2 fpul=0x00000000 +r0=0x80000000 r1=0x3f4ccccd r2=0xf6674284 r3=0xf6ffe2b0 +r4=0x00000001 r5=0xf6ffe2e4 r6=0xf6ffe2ec r7=0x00000000 +r8=0x00411088 r9=0x00411084 r10=0x00000000 r11=0x00000000 +r12=0xf67a8c58 r13=0x00000000 r14=0x00000000 r15=0xf6ffe240 +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +in conditional delay slot (delayed_pc=0x004004d2) +Unhandled trap: 0x1a0 +FAIL test-copysignf (exit status: 1) + +FAIL: test-coshf +================ + +pc=0xf675223a sr=0x00000101 pr=0xf675223c fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf675231c fpul=0x3f19999a +r0=0x3f19999a r1=0x3f19999a r2=0x000000e0 r3=0xf6ffe2c0 +r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000 +r8=0x00400734 r9=0x00000000 r10=0x00000000 r11=0x00000000 +r12=0xf67ab008 r13=0x00000000 r14=0x00000000 r15=0xf6ffe240 +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +in delay slot (delayed_pc=0xf675231c) +Unhandled trap: 0x1a0 +FAIL test-coshf (exit status: 1) + +FAIL: test-expm1f +================= + +pc=0xf6757e08 sr=0x00000000 pr=0x004005ce fpscr=0x00081000 +spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf6757dfe fpul=0x00000000 +r0=0xf6757fb0 r1=0x00001000 r2=0x00080000 r3=0x3eb17218 +r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000 +r8=0x00400514 r9=0x00000064 r10=0x00400514 r11=0x00000000 +r12=0xf67ab008 r13=0x00000000 r14=0x00000000 r15=0xf6ffe234 +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +Unhandled trap: 0x180 +FAIL test-expm1f (exit status: 1) + +FAIL: test-fabsf +================ + +pc=0x00400504 sr=0x00000001 pr=0xf660228c fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0x004004ec fpul=0x00000000 +r0=0x00400640 r1=0x00412074 r2=0x00000000 r3=0x00412078 +r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00080000 +r8=0x004007ac r9=0x00000000 r10=0x00000000 r11=0x00000000 +r12=0xf671dc58 r13=0x00000000 r14=0x00000000 r15=0xf6ffe260 +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +Unhandled trap: 0x180 +FAIL test-fabsf (exit status: 1) + +FAIL: test-floor2 +================= + +../../gltests/test-floor2.c:130: assertion 'correct_result_p (x, reference)' failed +qemu: uncaught target signal 6 (Aborted) - core dumped +FAIL test-floor2 (exit status: 134) + +FAIL: test-fmaf2 +================ + +pc=0xf675f5ac sr=0x00000101 pr=0xf675f5a6 fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf675f5a6 fpul=0x01800000 +r0=0xf675f4a4 r1=0x000065b0 r2=0x00080000 r3=0x3f800000 +r4=0x01800000 r5=0x00000000 r6=0xffffffe9 r7=0x7f800000 +r8=0xffffff6b r9=0xf6ffe1e4 r10=0xf6ffe1e8 r11=0xffffff6b +r12=0xf67ab008 r13=0xf6ffe1d8 r14=0x004004dc r15=0xf6ffe18c +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +Unhandled trap: 0x180 +FAIL test-fmaf2 (exit status: 1) + +FAIL: test-ldexpf +================= + +pc=0xf669efa0 sr=0x00000001 pr=0xf669ef9a fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0xf6674678 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf669ef9a fpul=0x3f99999a +r0=0xfffffdc6 r1=0x000c9d70 r2=0x00080000 r3=0x3f19999a +r4=0x0019999a r5=0x3f19999a r6=0xffffffe9 r7=0x7f800000 +r8=0x00000001 r9=0x0040041c r10=0xf6ffe23c r11=0x00000000 +r12=0xf67a8c58 r13=0x00000000 r14=0x00000000 r15=0xf6ffe218 +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +Unhandled trap: 0x180 +FAIL test-ldexpf (exit status: 1) + +FAIL: test-logbf +================ + +pc=0xf675842c sr=0x00000001 pr=0x00400664 fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf6758422 fpul=0x00000000 +r0=0xf6758480 r1=0x00000000 r2=0x00080000 r3=0x00080000 +r4=0x00000000 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000 +r8=0xf6ffe24c r9=0x0040054c r10=0x00000000 r11=0x00000000 +r12=0xf671dc58 r13=0x00000000 r14=0x00000000 r15=0xf6ffe244 +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +Unhandled trap: 0x180 +FAIL test-logbf (exit status: 1) + +FAIL: test-round2 +================= + +FAIL test-round2 (exit status: 1) + +FAIL: test-roundf2 +================== + +FAIL test-roundf2 (exit status: 1) + +FAIL: test-sinhf +================ + +pc=0xf675581c sr=0x00000101 pr=0xf675a784 fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf6755858 fpul=0x3f19999a +r0=0xf6755930 r1=0x317fffff r2=0x3f19999a r3=0xf6ffe2c0 +r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000 +r8=0x3f19999a r9=0x00000000 r10=0x00000000 r11=0x00000000 +r12=0xf67ab008 r13=0x00000000 r14=0x00000000 r15=0xf6ffe238 +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +in conditional delay slot (delayed_pc=0xf6755858) +Unhandled trap: 0x1a0 +FAIL test-sinhf (exit status: 1) + +FAIL: test-tanhf +================ + +pc=0xf6758ca4 sr=0x00000100 pr=0x0040057c fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0xf65e98e8 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf6758c9a fpul=0x3f19999a +r0=0xf6758d00 r1=0x00000000 r2=0x00080000 r3=0xf6ffe2c0 +r4=0x00000001 r5=0xf6ffe2f4 r6=0xf6ffe2fc r7=0x00000000 +r8=0x3f19999a r9=0x00000000 r10=0x00000000 r11=0x00000000 +r12=0xf67ab008 r13=0x00000000 r14=0x00000000 r15=0xf6ffe254 +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +Unhandled trap: 0x180 +FAIL test-tanhf (exit status: 1) + + +I don't have access to sh4 hardware, so I cannot provide this as a comparison point. +But most of the test failures don't look like "merely" a wrong computation by glibc. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1713066 b/results/classifier/deepseek-r1:32b/output/instruction/1713066 new file mode 100644 index 000000000..dc59a9d52 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1713066 @@ -0,0 +1,22 @@ + + + +Incorrect handling of aarch64 ldp in some cases + +In some cases the ldp instruction (and presumably other multi-register loads and stores) can behave incorrectly. + +Given the following instruction: +ldp x0, x1, [x0] + +This will load two 64 bit values from memory, however if each location to load is on a different page and the second page is unmapped this will raise an exception. When this happens x0 has already been updated so after the exception handler has run the operating system will try to rerun the instruction. QEMU will now try to perform an invalid load and raise a new exception. + +I believe this is incorrect as section D.1.14.5 of the ARMv8 reference manual B.a states that, on taking an exception, registers used in the generation of addresses are restored to their initial value, so x0 shouldn't be changed, where x1 can be un an unknown state. + +I found the issue running FreeBSD with the cortex-strings implementation of memcpy. This uses a similar instruction when copying between 64 and 96 bytes. + +I've observed this on: +QEMU emulator version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.14), Copyright (c) 2003-2008 Fabrice Bellard + +And checked I still get the same behaviour on: +QEMU emulator version 2.9.94 (v2.10.0-rc4-dirty) +Git revision: 248b23735645f7cbb503d9be6f5bf825f2a603ab \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1722 b/results/classifier/deepseek-r1:32b/output/instruction/1722 new file mode 100644 index 000000000..c35957aa5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1722 @@ -0,0 +1,90 @@ + + + +qemu-mipsn32: Illegal Instruction at `exts` instruction +Description of problem: +Run with the command above, I got this error: + +``` +qemu-mipsn32 run +qemu: uncaught target signal 4 (Illegal instruction) - core dumped +Illegal instruction (core dumped) +``` + +I then tried to debug the program with qemu option `-g 1234` and know that + +``` +$ gdb-multiarch run +... + +pwndbg> target remote 0:1234 +... + +pwndbg> c +Continuing. + +Program received signal SIGILL, Illegal instruction. +0x3f7d2434 in ?? () from /lib32/ld.so.1 +warning: GDB can't find the start of the function at 0x3f7d2434. +x/10i + +pwndbg> x/10i $pc +=> 0x3f7d2434: 0x7047f03a + 0x3f7d2438: lui a3,0x7000 + 0x3f7d243c: ori a3,a3,0x5e + 0x3f7d2440: b 0x3f7d241c + 0x3f7d2444: subu v0,a3,v0 + 0x3f7d2448: sltiu a7,a3,-3 + 0x3f7d244c: bnezl a7,0x3f7d246c + 0x3f7d2450: subu a3,a4,v0 + 0x3f7d2454: addiu a3,a3,1 + 0x3f7d2458: li v0,-4 +``` + +So I know the problem is in libc32/ld.so.1. When I dissasemble that file and look at offset 0x4434, it's an `exts` instruction as below: + +``` +$ file /lib32/ld.so.1 +/lib32/ld-2.15.so: ELF 32-bit MSB shared object, MIPS, N32 MIPS64 rel2 version 1 (SYSV), dynamically linked, stripped + +$ ./mips64-n32--glibc--stable-2022.08-1/bin/mips64-buildroot-linux-gnu-objdump -d /lib32/ld.so.1 | less + ... + 4434: 7047f03a exts a3,v0,0x0,0x1e + 4438: 3c077000 lui a3,0x7000 + 443c: 34e7005e ori a3,a3,0x5e + 4440: 1000fff6 b 441c <GLIBC_2.0@@GLIBC_2.0+0x441c> + 4444: 00e21023 subu v0,a3,v0 + 4448: 2cebfffd sltiu a7,a3,-3 + 444c: 55600007 bnezl a7,446c <GLIBC_2.0@@GLIBC_2.0+0x446c> + 4450: 01023823 subu a3,a4,v0 + 4454: 24e70001 addiu a3,a3,1 + 4458: 2402fffc li v0,-4 +``` +Steps to reproduce: +1. Download toolchain of mips64-n32 on toolchains.bootlin.com [here](https://toolchains.bootlin.com/releases_mips64-n32.html) +2. Write this c code to file `run.c`: + +```c +#include <stdio.h> + +int main(){ + puts("hello world"); + while (1); +} +``` + +3. Compile file run.c with downloaded toolchain: + +``` +mips64-n32--glibc--stable-2022.08-1/bin/mips64-buildroot-linux-gnu-gcc run.c -o run +``` + +> Step 1, 2 and 3 can be skip if you download the attached `run` file. + +4. Download the attached ld +5. Make new dir at `/lib32` and move the file ld to `/lib32` +6. Run command `qemu-mipsn32 run` +Additional information: +[ld-2.15.so](/uploads/95f4da26e42d43d39aa2350670134bb5/ld-2.15.so) + +[run](/uploads/01be57442009a75cf2f59cbcf53474f4/run) diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1727737 b/results/classifier/deepseek-r1:32b/output/instruction/1727737 new file mode 100644 index 000000000..9b47ff8e2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1727737 @@ -0,0 +1,28 @@ + + + +qemu-arm stalls on a GCC sanitizer test since qemu-2.7 + +Hi, + +I have noticed that several GCC/sanitizer tests fail with timeout when executed under QEMU. + +After a bit of investigation, I have noticed that this worked with qemu-2.7, and started failing with qemu-2.8, and still fails with qemu-2.10.1 + +I'm attaching a tarball containing: +alloca_instruments_all_paddings.exe : the testcase, and the needed libs: +lib/librt.so.1 +lib/libdl.so.2 +lib/ld-linux-armhf.so.3 +lib/libasan.so.5 +lib/libc.so.6 +lib/libgcc_s.so.1 +lib/libpthread.so.0 +lib/libm.so.6 + +To reproduce the problem: +$ qemu-arm -cpu any -R 0 -L $PWD $PWD/alloca_instruments_all_paddings.exe +returns in less than a second with qemu-2.7, and never with qemu-2.8 + +Using -d in_asm suggests that the program "almost" completes and qemu seems to stall on: +0x40b6eb44: e08f4004 add r4, pc, r4 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1737 b/results/classifier/deepseek-r1:32b/output/instruction/1737 new file mode 100644 index 000000000..9ee7e33cc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1737 @@ -0,0 +1,52 @@ + + + +qemu-aarch64: Incorrect result for ssra instruction when using vector lengths of 1024-bit or higher. +Description of problem: +``` +#include <arm_sve.h> +#include <stdio.h> + +#define SZ 32 + +int main(int argc, char* argv[]) { + svbool_t pg = svptrue_b64(); + uint64_t VL = svcntd(); + + fprintf(stderr, "One SVE vector can hold %li uint64_ts\n", VL); + + int64_t sr[SZ], sx[SZ], sy[SZ]; + uint64_t ur[SZ], ux[SZ], uy[SZ]; + + for (uint64_t i = 0; i < SZ; ++i) { + sx[i] = ux[i] = 0; + sy[i] = uy[i] = 1024; + } + + for (uint64_t i = 0; i < SZ; i+=VL) { + fprintf(stderr, "Processing elements %li - %li\n", i, i + VL - 1); + + svint64_t SX = svld1(pg, sx + i); + svint64_t SY = svld1(pg, sy + i); + svint64_t SR = svsra(SX, SY, 4); + svst1(pg, sr + i, SR); + + svuint64_t UX = svld1(pg, ux + i); + svuint64_t UY = svld1(pg, uy + i); + svuint64_t UR = svsra(UX, UY, 4); + svst1(pg, ur + i, UR); + } + + for (uint64_t i = 0; i < SZ; ++i) { + fprintf(stderr, "sr[%li]=%li, ur[%li]\n", i, sr[i], ur[i]); + } + + return 0; +} +``` +Steps to reproduce: +1. Build the above C source using "gcc -march=armv9-a -O1 ssra.c", can also use clang. +2. Run with "qemu-aarch64 -cpu max,sve-default-vector-length=64 ./a.out" and you'll see the expected result of 64 (signed and unsigned) +3. Run with "qemu-aarch64 -cpu max,sve-default-vector-length=128 ./a.out" and you'll see the expected result of 64 for unsigned but the signed result is 0. This suggests the emulation of SVE2 ssra instruction is incorrect for this and bigger vector lengths. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1738434 b/results/classifier/deepseek-r1:32b/output/instruction/1738434 new file mode 100644 index 000000000..3a255ebc4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1738434 @@ -0,0 +1,31 @@ + + + +CALL FWORD PTR [ESP] handled incorrectly + +To keep the story short, this 32-bit code crashes on 64-bit Windows whereas it works fine on real system and VMware: + + push 33h + push offset _far_call + call fword ptr[esp] + jmp _ret +_far_call: + retf +_ret: + +32-bit code running under WoW64 on 64-bit Windows has the ability to switch to the 64-bit mode via so called "Heaven's gate". In order to do that you have to make a far call/jmp by 0x33 selector how the code snippet above shows. QEMU throws an access violation exception whereas the code snippet runs with no problems on real CPU and VMware. By the way, this code works fine under QEMU, I hope it gives you a hint where to look: + + push 23h + push offset _far_call + call fword ptr[esp] + jmp _ret +_far_call: + retf +_ret: + +0x23 is a default 32-bit selector for 32-bit processes running under WoW64. + +Environment: +QEMU: 2.10.93, command line: qemu-system-x86_64.exe -m 2G -snapshot -cdrom full_path_to_iso fullP_path_to_img +Guest OS: Windows 7 x64 SP1 build 7601 or Windows 10 version 1709 build 16299.19 +Host OS: Windows 10 x64 version 1703 build 15063.786 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1748296 b/results/classifier/deepseek-r1:32b/output/instruction/1748296 new file mode 100644 index 000000000..73411abc8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1748296 @@ -0,0 +1,28 @@ + + + +TCG throws Invalid Opcode when executing x86 BMI shlx instruction + +I am unable to use BMI in my project when running under TCG. I narrowed the problem down to incorrect instruction decoding for BMI instructions (which have a 2 byte VEX prefix). The gen_sse function in translate.c reaches the goto label do_0f_38_fx, but b does not equal 0x1f7, 0x2f7, or 0x3f7, so the switch takes the default path and raises an invalid opcode exception. + +The code executes correctly and passes the test under KVM. + +I have created a complete repro here: https://github.com/doug65536/qemu-bmibug + +The makefile has the following utility targets: + +debug-kvm: Build and run the VM using KVM and wait for gdbstub attach + +run: Run the test case with TCG, make fails if the test fails. (It will fail) + +run-kvm: Run the test case with KVM, make fails if the test fails. (It will succeed) + +debug: Build and run the VM with TCG and wait for GDB attach + +attach-gdb: Run GDB and attach to KVM gdbstub + +The VM runs with -cpu max. CPUID reports support for BMI, BMI2, and ABM. + +You can quickly verify the issue by executing `make run-kvm` to confirm that KVM passes, then `make run` to confirm that TCG fails. + +I believe the bug affects other BMI, BMI2, and ABM instructions, but I have only completely verified incorrect execution of SHLX. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1751422 b/results/classifier/deepseek-r1:32b/output/instruction/1751422 new file mode 100644 index 000000000..81442661b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1751422 @@ -0,0 +1,7 @@ + + + +some instructions translate error in x86 + +There is some instructions translation error on target i386 in many versions, such as 2.11.1, 2.10.2, 2.7.1 and so on. +The error translation instructions include les, lds. I has got a patch, but I have no idea how to apply it. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1771 b/results/classifier/deepseek-r1:32b/output/instruction/1771 new file mode 100644 index 000000000..818e547e8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1771 @@ -0,0 +1,36 @@ + + + +Missing CASA instruction handling for SPARC qemu-user +Description of problem: +Qemu-sparc does not handle the CASA instruction, even if the selected CPU (in this case, LEON3) support it. +Steps to reproduce: +1. Launch a program that use CASA instruction (any program, also "ls" on a recent glibc [>=2.31]) +2. qemu-sparc will raise "Illegal instruction" +Additional information: +The following patch remove the missing handling, but it needs asi load/store that is not implemented for sparc32 user-space. + +``` +diff -urp qemu-20230327.orig/target/sparc/translate.c qemu-20230327/target/sparc/translate.c +--- qemu-20230327.orig/target/sparc/translate.c 2023-03-27 15:41:42.000000000 +0200 ++++ qemu-20230327/target/sparc/translate.c 2023-04-01 15:24:18.293176711 +0200 +@@ -5521,7 +5522,7 @@ static void disas_sparc_insn(DisasContex + case 0x37: /* stdc */ + goto ncp_insn; + #endif +-#if !defined(CONFIG_USER_ONLY) || defined(TARGET_SPARC64) ++//#if !defined(CONFIG_USER_ONLY) || defined(TARGET_SPARC64) + case 0x3c: /* V9 or LEON3 casa */ + #ifndef TARGET_SPARC64 + CHECK_IU_FEATURE(dc, CASA); +@@ -5529,8 +5530,8 @@ static void disas_sparc_insn(DisasContex + rs2 = GET_FIELD(insn, 27, 31); + cpu_src2 = gen_load_gpr(dc, rs2); + gen_cas_asi(dc, cpu_addr, cpu_src2, insn, rd); ++//#endif + break; +-#endif + default: + goto illegal_insn; + } +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1780 b/results/classifier/deepseek-r1:32b/output/instruction/1780 new file mode 100644 index 000000000..dd71873ae --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1780 @@ -0,0 +1,20 @@ + + + +PowerPC mishandles xscmpudp instruction +Description of problem: +xscmpudp instruction is mishandled +Steps to reproduce: +1. Compile the attached program with VSX (e.g. `RUSTFLAGS=-Ctarget-feature=+vsx cargo build --target=powerpc64-unknown-linux-gnu`) +2. Run the program and expect assertions to pass. +3. See assertions fail. +Additional information: +When VSX is disabled, the `fcmpu` instruction is emitted instead (and handled properly). See the offending program: +``` +pub fn main() { + use std::hint::black_box; + assert!(black_box(f64::NAN) + .clamp(black_box(0f64), black_box(0f64)) + .is_nan()); +} +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1781281 b/results/classifier/deepseek-r1:32b/output/instruction/1781281 new file mode 100644 index 000000000..d358dc7b7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1781281 @@ -0,0 +1,31 @@ + + + +qemu-ppc64le uncaught target signal 4 (Illegal instruction) + +qemu-ppc64le version 2.12.0 +host machine: x86_64 Arch Linux + +I'm currently working on VSX support in libVPX, I'm using qemu to test, on line 723 of vpx_dsp/ppc/loopfilter_vsx.c, when I change the vec_sub to vec_subs I get: + +qemu: uncaught target signal 4 (Illegal instruction) - core dumped + +Thread 1 "qemu-ppc64le" received signal SIGILL, Illegal instruction. +0x00007ffff66d1bf6 in sigsuspend () from /usr/lib/libc.so.6 +(gdb) bt +#0 0x00007ffff66d1bf6 in sigsuspend () from /usr/lib/libc.so.6 +#1 0x000055555567ee68 in ?? () +#2 0x000055555567fd18 in ?? () +#3 0x00005555556805ef in process_pending_signals () +#4 0x0000555555661e69 in cpu_loop () +#5 0x000055555561fd72 in main () + +This can be reproduced by downloading this patch (patchset 1): + +https://chromium-review.googlesource.com/c/webm/libvpx/+/1134034 + +and running + +qemu-ppc64le -L /home/ltrudeau/x-tools/powerpc64le-unknown-linux-gnu/powerpc64le-unknown-linux-gnu/sysroot/ ./test_libvpx --gtest_also_run_disabled_tests "--gtest_filter=VSX/*Loop*/*" + +I don't observe any issues when running the code on a POWER9 machine. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1790 b/results/classifier/deepseek-r1:32b/output/instruction/1790 new file mode 100644 index 000000000..5d081e59e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1790 @@ -0,0 +1,32 @@ + + + +[AARCH64] STGP instruction is not writing the value of the second register to memory +Description of problem: +My application is built with Clang 16 and the option -fsanitize=memtag-stack. +It means the the MTE protection is activated for the stack. +The local variables are tagged and the compiler is often using the STGP instruction "Store Allocation Tag and Pair of registers" in order to transfer the value of two 64-bit registers to memory. +The following instruction was not working as expected: + 18004: 69000895 stgp x21, x2, [x4] +The value of the second register x2 is not transferred to the memory. +Only x21 is written. + +I think that the issue is in trans_STGP(). +We don't call finalize_memop_pair() like we do for in the general trans_STP(). + +``` +diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c +index 7d0c8f79a7..f599f3e136 100644 +--- a/target/arm/tcg/translate-a64.c ++++ b/target/arm/tcg/translate-a64.c +@@ -3034,6 +3034,8 @@ static bool trans_STGP(DisasContext *s, arg_ldstpair *a) + + tcg_rt = cpu_reg(s, a->rt); + tcg_rt2 = cpu_reg(s, a->rt2); ++ mop = a->sz + 1; ++ mop = finalize_memop_pair(s, mop); + + assert(a->sz == 3); +``` + +With this fix, my OS (Kinibi) is now able to boot. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1793119 b/results/classifier/deepseek-r1:32b/output/instruction/1793119 new file mode 100644 index 000000000..9990b2c6d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1793119 @@ -0,0 +1,32 @@ + + + +Wrong floating-point emulation on AArch64 with FPCR set to zero + +On AArch64, with FPCR set to Zero (i.e., FPU set to IEEE-754 compliant mode), floating-point emulation does not produce the same results as real hardware (e.g., Raspberry Pi 3 with AArch64 Linux). + +I attached a sample that reproduces the issue. It divides `x` by `y` and puts the result in `r`. The expected result of the operation is `q`. + +Output on real hardware: +========================================================= +fpcr = 0x07000000. +x = 0x03250f416dcdc6d0. y = 0x00029f4e5837c977. r = 0x7ff0000000000000. q = 0x43300fde9cbcf023. +fpcr = 0x00000000. +x = 0x03250f416dcdc6d0. y = 0x00029f4e5837c977. r = 0x43300fde9cbcf023. q = 0x43300fde9cbcf023. +========================================================= + +Notice that after setting FPCR to zero, `r` equals `q`. + +Output on qemu 3.0.0 (Linux user-mode emulation): +========================================================= +fpcr = 0x07000000. +x = 0x03250f416dcdc6d0. y = 0x00029f4e5837c977. r = 0x7ff0000000000000. q = 0x43300fde9cbcf023. +fpcr = 0x00000000. +x = 0x03250f416dcdc6d0. y = 0x00029f4e5837c977. r = 0x43300fde9cbcf024. q = 0x43300fde9cbcf023. +========================================================= + +Notice that after setting FPCR to zero, `r` is not equal to `q`. + +Also notice that, using another proprietary operating system, the same issue arises between a real board and QEMU. This might be an issue in emulation of the AArch64 instruction "fdiv". + +Build command line: aarch64-linux-gnu-gcc -static -O0 -o sample1 sample1.c \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1793608 b/results/classifier/deepseek-r1:32b/output/instruction/1793608 new file mode 100644 index 000000000..e865e400c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1793608 @@ -0,0 +1,19 @@ + + + +qemu doesn't seem to support lxvwsx for POWER9 target + +When running a simple program built for POWER9 on QEMU 3.0.0 in linux-user mode, it crashes with a message: "illegal instruction". It turns out that lxvwsx instruction "Load Word and Splat Indexed" is not supported. If workaround is implemented by issuing two separate instructions (first load then splat) then all tests pass correctly. + +Operating system: Ubuntu Mate 16.04.2 64-bit (or Linux Mint 18 64-bit). +Cross-compiler for gcc-powerpc64le-linux-gnu is installed (gcc-5 series). +QEMU 3.0.0 is built from source and installed with: sudo make install + +The program in question: https://github.com/VectorChief/UniSIMD-assembler +Turn off the workaround: RT_ELEM_COMPAT_PW9 should be set to 1 in the following file: +https://github.com/VectorChief/UniSIMD-assembler/blob/master/core/config/rtarch_p32_128x1v2.h + +Change to the "test" directory and type "make -f simd_make_p64.mk". +powerpc64le-linux-gnu-objdump -d simd_test.p64_32Lp9 > simd_test_p64_32Lp9.txt +Open newly created text file simd_test_p64_32Lp9.txt and search for lxvwsx (in s_test01, ...) +The instruction shows up in objdump correctly. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1806243 b/results/classifier/deepseek-r1:32b/output/instruction/1806243 new file mode 100644 index 000000000..d3250c600 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1806243 @@ -0,0 +1,87 @@ + + + +ARM conditional branch after if-then instruction not working + +Hello + +There seems to be an issue with QEMU when debugging if-then condition blocks from the thumb2 instruction set. The following snippet runs fine during normal execution, but keeps hanging at the conditional branch when debugging. The jump at the branch should only be executed as long as $r0 is lower than $r1. Problem is that once both are equal, the execution is not continued past the branch and the program counter never gets popped. + +2000407a: push {lr} +2000407c: movs r0, r6 +2000407e: ldmia r7!, {r1, r6} +20004080: push {r0, r1} +20004082: str.w r6, [r7, #-4]! +20004086: ldr r6, [sp, #0] +20004088: pop {r0, r1} +2000408a: adds r0, #1 +2000408c: cmp r0, r1 +2000408e: itt lt +20004090: pushlt {r0, r1} +20004092: blt.w 0x20004082 ; unpredictable <IT:lt> // <-- GDB hangs here +20004096: pop {pc} + +I have tried to reproduce the problem with inline assembly but for some reason the following example just worked: + +void f() { + static uint8_t stack[256]{}; + stack[255] = 4; + + asm volatile("\n\t" + "push {lr}" + "\n\t" + + // pre-conditions + "movs r7, %[stack]" + "\n\t" + "movs r6, #1" + "\n\t" + + "movs r0, r6" + "\n\t" + "ldmia r7!, {r1, r6}" + "\n\t" + "push {r0, r1}" + "\n\t" + "1:" + "\n\t" + "str.w r6, [r7, #-4]!" + "\n\t" + "ldr r6, [sp, #0]" + "\n\t" + "pop {r0, r1}" + "\n\t" + "adds r0, #1" + "\n\t" + "cmp r0, r1" + "\n\t" + "itt lt" + "\n\t" + "pushlt {r0, r1}" + "\n\t" + + // Original instruction + //"blt.w 0x20004082" // ; unpredictable <IT:lt> + + // Trying to fake it + "blt.w 1b" + "\n\t" + + "pop {pc}" + "\n\t" + : + : [stack] "r"(&stack[255])); +} + +The only real major difference I see to the other code snipped is that the inline assembly is running from flash memory where as the original code runs in ram? Maybe that's a clue somehow? + +Quickly reading through already reported ARM bugs I think this might be related: +https://bugs.launchpad.net/qemu/+bug/1364501 +At least the symptoms sound identical. + + +The versions I'm running are: +QEMU 3.0.0 +arm-none-eabi-gdb 8.2 + +I've also captured some trace output for single stepping from the pushlt to the blt.w instruction with the trace arguments unimp, guest_errors, op, int, exec. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1815024 b/results/classifier/deepseek-r1:32b/output/instruction/1815024 new file mode 100644 index 000000000..7376befa4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1815024 @@ -0,0 +1,18 @@ + + + +SIGILL on instruction "stck" under qemu-s390x in user mode + +qemu-s390x in user mode crashes with SIGILL (under host architecture x86_64, running Debian unstable) when executing target instruction "stck" ("STORE CLOCK", see https://www-01.ibm.com/support/docview.wss?uid=isg26480faec85f44e2385256d5200627dee&aid=1), which is basically a kind of equivalent of Intel "rdtsc". The same instruction works fine under qemu-s390x in system mode. The bug is reproducible with both the qemu version distributed in Debian unstable and with the latest upstream master (commit 47994e16b1d66411953623e7c0bf0cdcd50bd507). + +This bug manifested itself as a crash of ssh-keygen program, which uses "stck" to obtain some bits of randomness during key creation. Bisection of the code led to the attached minimal example. Compile with (inside an s390x system): + + $ gcc -c -o test.o test.c + $ gcc -c -o rdtsc.o rdtsc.S + $ gcc -o test test.o rdtsc.o + +Then run test. It will crash with SIGILL in user mode and run fine in system mode. Also, compare with the original file at https://github.com/openssl/openssl/blob/master/crypto/s390xcpuid.pl#L139 (there the instruction "stckf" is also used; it is probable that it has the same problem if it is supported altogether, but it did not test for this). + +Running qemu-s390x with options -d in_asm,out_asm,op,op_opt,exec,nochain,cpu gives the trace attached in log.txt. + +Thanks, Giovanni. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1818075 b/results/classifier/deepseek-r1:32b/output/instruction/1818075 new file mode 100644 index 000000000..7eb43be42 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1818075 @@ -0,0 +1,56 @@ + + + +qemu x86 TCG doesn't support AVX insns + +I'm trying to execute code that has been built with -march=skylake -mtune=generic -mavx2 under qemu-user x86-64 with -cpu Skylake-Client. However this code just hangs at 100% CPU. + +Adding input tracing shows that it is likely hanging when dealing with an AVX instruction: + +warning: TCG doesn't support requested feature: CPUID.01H:ECX.fma [bit 12] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.pcid [bit 17] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.x2apic [bit 21] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.tsc-deadline [bit 24] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.avx [bit 28] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.f16c [bit 29] +warning: TCG doesn't support requested feature: CPUID.01H:ECX.rdrand [bit 30] +warning: TCG doesn't support requested feature: CPUID.07H:EBX.hle [bit 4] +warning: TCG doesn't support requested feature: CPUID.07H:EBX.avx2 [bit 5] +warning: TCG doesn't support requested feature: CPUID.07H:EBX.invpcid [bit 10] +warning: TCG doesn't support requested feature: CPUID.07H:EBX.rtm [bit 11] +warning: TCG doesn't support requested feature: CPUID.07H:EBX.rdseed [bit 18] +warning: TCG doesn't support requested feature: CPUID.80000001H:ECX.3dnowprefetch [bit 8] +warning: TCG doesn't support requested feature: CPUID.0DH:EAX.xsavec [bit 1] + +IN: +0x4000b4ef3b: c5 fb 5c ca vsubsd %xmm2, %xmm0, %xmm1 +0x4000b4ef3f: c4 e1 fb 2c d1 vcvttsd2si %xmm1, %rdx +0x4000b4ef44: 4c 31 e2 xorq %r12, %rdx +0x4000b4ef47: 48 85 d2 testq %rdx, %rdx +0x4000b4ef4a: 79 9e jns 0x4000b4eeea + +[ hangs ] + +Attaching a gdb produces this stacktrace: + +(gdb) bt +#0 canonicalize (status=0x55a20ff67a88, parm=0x55a20bb807e0 <float64_params>, part=...) + at /data/poky-tmp/master/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/fpu/softfloat.c:350 +#1 float64_unpack_canonical (s=0x55a20ff67a88, f=0) + at /data/poky-tmp/master/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/fpu/softfloat.c:547 +#2 float64_sub (a=0, b=4890909195324358656, status=0x55a20ff67a88) + at /data/poky-tmp/master/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/fpu/softfloat.c:776 +#3 0x000055a20baa1949 in helper_subsd (env=<optimized out>, d=0x55a20ff67ad8, s=<optimized out>) + at /data/poky-tmp/master/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/target/i386/ops_sse.h:623 +#4 0x000055a20cfcfea8 in static_code_gen_buffer () +#5 0x000055a20ba3f764 in cpu_tb_exec (itb=<optimized out>, cpu=0x55a20cea2180 <static_code_gen_buffer+15684720>) + at /data/poky-tmp/master/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/accel/tcg/cpu-exec.c:171 +#6 cpu_loop_exec_tb (tb_exit=<synthetic pointer>, last_tb=<synthetic pointer>, tb=<optimized out>, + cpu=0x55a20cea2180 <static_code_gen_buffer+15684720>) + at /data/poky-tmp/master/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/accel/tcg/cpu-exec.c:615 +#7 cpu_exec (cpu=cpu@entry=0x55a20ff5f4d0) + at /data/poky-tmp/master/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/accel/tcg/cpu-exec.c:725 +#8 0x000055a20ba6d728 in cpu_loop (env=0x55a20ff67780) + at /data/poky-tmp/master/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/x86_64/../i386/cpu_loop.c:93 +#9 0x000055a20ba049ff in main (argc=<optimized out>, argv=0x7ffc58572868, envp=<optimized out>) + at /data/poky-tmp/master/work/x86_64-linux/qemu-native/3.1.0-r0/qemu-3.1.0/linux-user/main.c:819 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1820686 b/results/classifier/deepseek-r1:32b/output/instruction/1820686 new file mode 100644 index 000000000..a141dce7d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1820686 @@ -0,0 +1,8 @@ + + + +risc-v: 'c.unimp' instruction decoded as 'c.addi4spn fp, 0' + +QEMU 3.1 incorrectly decodes the "c.unimp" instruction (opcode 0x0000) as an "addi4spn fp, 0" when either of the two following bytes are non-zero. This is because the ctx->opcode value used when decoding the instruction is actually filled with a 32-bit load (to handle normal uncompressed instructions) but when a compressed instruction is found only the low 16 bits are valid. Other reserved/illegal bit patterns with the addi4spn opcode are also incorrectly decoded. + +I believe that the switch to decodetree on master happened to fix this issue, but hopefully it is helpful to have this recorded somewhere. I've included a simple one line patch if anyone wants to backport this. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1821430 b/results/classifier/deepseek-r1:32b/output/instruction/1821430 new file mode 100644 index 000000000..da8071c4c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1821430 @@ -0,0 +1,35 @@ + + + +qemu-user-arm (4.0.0-rc0) crashes + +I'm using qemu-user-arm for crosscompilation needs, usually via a wrapper. +qemu-user-arm (4.0.0-rc0) crashes with SIGILL on at least 2 instructions: + +first case (sadly I don't have more data handy, can reproduce at a later time if needed): +(gdb) x/i $pc +=> 0xfffce314: vseleq.f64 d0, d17, d0 + +second case (llvm-config): +qemu cmdline: +qemu-arm -strace -cpu max -r 5.0.0 -L /home/asavah/kross/build/rpi3/rootfs -E LD_LIBRARY_PATH=/home/asavah/kross/build/rpi3/rootfs/usr/bin:/home/asavah/kross/build/rpi3/rootfs/usr/lib /home/asavah/kross/build/rpi3/rootfs/usr/bin/llvm-config --shared-mode + +--- SIGILL {si_signo=SIGILL, si_code=2, si_addr=0xf9f89f80} --- +qemu: uncaught target signal 4 (Illegal instruction) - core dumped + +output from gdb(arm) attached to qemu-user-arm +Program received signal SIGILL, Illegal instruction. +0xf9f77f80 in ?? () +(gdb) bt +#0 0xf9f77f80 in ?? () +#1 0xfffd796c in ?? () +Backtrace stopped: previous frame identical to this frame (corrupt stack?) +(gdb) x/i $pc +=> 0xf9f77f80: vrintm.f64 d18, d18 + + +The very same binaries when run with qemu-user-arm 3.1.0 (both from ubuntu 19.04 package and self built) +work flawlessly. + +This is clearly a regression. +Please fix before releasing 4.0.0. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1821444 b/results/classifier/deepseek-r1:32b/output/instruction/1821444 new file mode 100644 index 000000000..572d8a990 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1821444 @@ -0,0 +1,32 @@ + + + +qemu-ppc (user) incorrectly translates float32 arithmetics + +I'm using qemu-3.1.0 (Gentoo). + +When I was running regression test suite via qemu-ppc for GHC I noticed a few uint32_t<->float32 failures I did not expect to encounter. + +Here is an example + +$ cat a.c +#include <stdio.h> +#include <stdint.h> + +int main() { + volatile uint32_t i = 1; + printf("0x1 = %e\n", *(volatile float*)&i); +} + +$ powerpc-unknown-linux-gnu-gcc -O2 a.c -Wall -o a -fno-strict-aliasing -fno-stack-protector -static && ./a +0x1 = 2.802597e-45 + +$ scp a timberdoodle.ppc64.dev.gentoo.org:~/ +a 100% 826KB 102.0KB/s 00:08 + +$ ssh timberdoodle.ppc64.dev.gentoo.org ./a +0x1 = 1.401298e-45 +$ qemu-ppc ./a +0x1 = 2.802597e-45 + +Looks like off-by-one bit somewhere. I'm not sure if it's FPU instruction or some internals of printf() that are emulated incorrectly. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1824344 b/results/classifier/deepseek-r1:32b/output/instruction/1824344 new file mode 100644 index 000000000..de20fccdf --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1824344 @@ -0,0 +1,48 @@ + + + +x86: retf or iret pagefault sets wrong error code + +With a x86_64 or i386 guest, non-KVM, when trying to execute a +"iret/iretq/retf" instruction in userspace with invalid stack pointer +(under a protected mode OS, like Linux), wrong bits are set in the +pushed error code; bit 2 is not set, indicating the error comes from +kernel space. + +If the guest OS is using this flag to decide whether this was a kernel +or user page fault, it will mistakenly decide a kernel has irrecoverably +faulted, possibly causing guest OS panic. + + +How to reproduce the problem a guest (non-KVM) Linux: +Note, on recent Linux kernel version, this needs a CPU with SMAP support +(eg. -cpu max) + +$ cat tst.c +int main() +{ +__asm__ volatile ( +"mov $0,%esp\n" +"retf" +); +return 0; +} + +$ gcc tst.c +$ ./a.out +Killed + + +"dmesg" shows the kernel has in fact triggered a "BUG: unable to handle +kernel NULL pointer dereference...", but it has "recovered" by killing +the faulting process (see attached screenshot). + + +Using self-compiled qemu from git: +commit 532cc6da74ec25b5ba6893b5757c977d54582949 (HEAD -> master, tag: v4.0.0-rc3, origin/master, origin/HEAD) +Author: Peter Maydell <email address hidden> +Date: Wed Apr 10 15:38:59 2019 +0100 + + Update version for v4.0.0-rc3 release + + Signed-off-by: Peter Maydell <email address hidden> \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1826568 b/results/classifier/deepseek-r1:32b/output/instruction/1826568 new file mode 100644 index 000000000..cebbffe97 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1826568 @@ -0,0 +1,16 @@ + + + +RISC-V Disassembler/translator instruction decoding disagreement + + +When running QEMU V3.1.0 for platform RISC-V, 64bit, Spike V1.10 with "-d in_asm -singlestep -D qemu_log.txt", my (faulty) test code brought up this message in the logs: + + 0x000000008002cade: 051300009517e2bf illegal + Disassembler disagrees with translator over instruction decoding + Please report this to <email address hidden> + + +You may want to resolve the disagreement. + +Axel \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1828867 b/results/classifier/deepseek-r1:32b/output/instruction/1828867 new file mode 100644 index 000000000..a17fd5b58 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1828867 @@ -0,0 +1,11 @@ + + + +QEmu translation is incorrect when using REX in combination with LAHF/SAHF + +When translating code that is using LAHF and SAHF in combination with the REX prefix then qemu translates incorrectly. +These two instructions only ever use the AH register. Contrary to other instructions where if you use REX + high bit offsets then it'll pull in rsp and a few other registers. +On hardware the REX prefix doesn't effect behaviour of these instructions at all. +QEMU incorrectly selects RSP as the register of choice here due to this combination of REX + AH register usage. + +I've attached a patch that is super terrible just so I can work around the issue locally and to sort of show off how it is to be "fixed" \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1832422 b/results/classifier/deepseek-r1:32b/output/instruction/1832422 new file mode 100644 index 000000000..eeb2facc5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1832422 @@ -0,0 +1,12 @@ + + + +SSE CMP ops with 8bit immediate throw sigill with oversized byte + +The SSE comparison ops that use an 8bit immediate as a comparison type selector throws a sigill when the immediate is oversized. + +Test op that I found this on is here `66 0f c2 c0 d1 cmppd xmm0,xmm0,0xd1` +According to the x86-64 documentation only bits [2:0] are used for these ops (and [4:0] for the AVX variant) +Currently qemu just checks if the value is >=8 and will throw a sigill in that case. It instead needs to mask. + +I have a small patch that fixes the issue for the SSE variant. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1833 b/results/classifier/deepseek-r1:32b/output/instruction/1833 new file mode 100644 index 000000000..39a745ea4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1833 @@ -0,0 +1,87 @@ + + + +ARM64 SME ST1Q incorrectly stores 9 bytes (rather than 16) per 128-bit element +Description of problem: +QEMU incorrectly stores 9 bytes instead of 16 per 128-bit element in the ST1Q SME instruction (https://developer.arm.com/documentation/ddi0602/2022-06/SME-Instructions/ST1Q--Contiguous-store-of-quadwords-from-128-bit-element-ZA-tile-slice-). It copies the first byte of the upper 64-bits, then lower the 64-bits. + +This seems to be a simple issue; I tracked it down to: +https://gitlab.com/qemu-project/qemu/-/blob/master/target/arm/tcg/sme_helper.c?ref_type=heads#L382 + +Updating that `+ 1` to a `+ 8` fixes the problem. +Steps to reproduce: +```c +#include <stdio.h> +#include <stdint.h> +#include <string.h> + +void st1q_sme_copy_test(uint8_t* src, uint8_t* dest) { + asm volatile( + "smstart sm\n" + "smstart za\n" + "ptrue p0.b\n" + "mov x12, xzr\n" + "ld1q {za0h.q[w12, 0]}, p0/z, %0\n" + "st1q {za0h.q[w12, 0]}, p0, %1\n" + "smstop za\n" + "smstop sm\n" : : "m"(*src), "m"(*dest) : "w12", "p0"); +} + +void print_first_128(uint8_t* data) { + putchar('['); + for (int i = 0; i < 16; i++) { + printf("%02d", data[i]); + if (i != 15) + printf(", "); + } + printf("]\n"); +} + +int main() { + _Alignas(16) uint8_t dest[512] = { }; + _Alignas(16) uint8_t src[512] = { }; + for (int i = 0; i < sizeof(src); i++) + src[i] = i; + puts("Before"); + printf(" src: "); + print_first_128(src); + printf("dest: "); + print_first_128(dest); + st1q_sme_copy_test(src, dest); + puts("\nAfter "); + printf(" src: "); + print_first_128(src); + printf("dest: "); + print_first_128(dest); +} +``` + +Compile with (requires at least clang ~14, tested with clang 16):<br/> +`clang ./qemu_repro.c -march=armv9-a+sme+sve -o ./qemu_repro` + +Run with:<br/> +`qemu-aarch64 -cpu max,sme=on ./qemu_repro` + +It's expected just to copy from `src` to `dest` and output: +``` +Before + src: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15] +dest: [00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00] + +After + src: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15] +dest: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15] +``` + +But currently outputs: +``` +Before + src: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15] +dest: [00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00] + +After + src: [00, 01, 02, 03, 04, 05, 06, 07, 08, 09, 10, 11, 12, 13, 14, 15] +dest: [00, 08, 09, 10, 11, 12, 13, 14, 15, 00, 00, 00, 00, 00, 00, 00] +``` +Additional information: +N/A diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1841990 b/results/classifier/deepseek-r1:32b/output/instruction/1841990 new file mode 100644 index 000000000..309b9baa5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1841990 @@ -0,0 +1,41 @@ + + + +instruction 'denbcdq' misbehaving + +Instruction 'denbcdq' appears to have no effect. Test case attached. + +On ppc64le native: +-- +gcc -g -O -mcpu=power9 bcdcfsq.c test-denbcdq.c -o test-denbcdq +$ ./test-denbcdq +0x00000000000000000000000000000000 +0x0000000000000000000000000000000c +0x22080000000000000000000000000000 +$ ./test-denbcdq 1 +0x00000000000000000000000000000001 +0x0000000000000000000000000000001c +0x22080000000000000000000000000001 +$ ./test-denbcdq $(seq 0 99) +0x00000000000000000000000000000064 +0x0000000000000000000000000000100c +0x22080000000000000000000000000080 +-- + +With "qemu-ppc64le -cpu power9" +-- +$ qemu-ppc64le -cpu power9 -L [...] ./test-denbcdq +0x00000000000000000000000000000000 +0x0000000000000000000000000000000c +0x0000000000000000000000000000000c +$ qemu-ppc64le -cpu power9 -L [...] ./test-denbcdq 1 +0x00000000000000000000000000000001 +0x0000000000000000000000000000001c +0x0000000000000000000000000000001c +$ qemu-ppc64le -cpu power9 -L [...] ./test-denbcdq $(seq 100) +0x00000000000000000000000000000064 +0x0000000000000000000000000000100c +0x0000000000000000000000000000100c +-- + +I started looking at the code, but I got confused rather quickly. Could be related to endianness? I think denbcdq arrived on the scene before little-endian was a big deal. Maybe something to do with utilizing implicit floating-point register pairs... I don't think the right data is getting to helper_denbcdq, which would point back to the gen_fprp_ptr uses in dfp-impl.inc.c (GEN_DFP_T_FPR_I32_Rc). (Maybe?) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1847467 b/results/classifier/deepseek-r1:32b/output/instruction/1847467 new file mode 100644 index 000000000..e0900ebd8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1847467 @@ -0,0 +1,19 @@ + + + +qemu-x86_64 segment prefixes error + +qemu-x86_64 version 4.1.0 (qemu-x86_64 version 4.0.0 also have the issue) + +In 64-bit mode (x86_64) the DS, ES, SS or CS segment prefixes should be ignored; qemu-x86_64 does not ignore them. + +example: an x86_64 instructions preceded by FS DS (0x64 0x26) segment prefixes have the linear address of its memory reference flat-mapped (as if DS was in action) whereas it should be FS-mapped (offset by FS_base, because the DS, ES, SS or CS are just ignored). + + +I attach a small C++ program that shows this discrepancy. + +$ ./sample +I'm not in QEMU + +$ qemu-x86_64 ./sample +I'm in QEMU \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1854738 b/results/classifier/deepseek-r1:32b/output/instruction/1854738 new file mode 100644 index 000000000..b4fa75fd3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1854738 @@ -0,0 +1,31 @@ + + + +ppc doesn't support for mttcg but ppc64 supported + +Currently ppc and ppc64abi32 doesn't suppport for mttcg, I am looking for support +``` + ppc) + gdb_xml_files="power-core.xml power-fpu.xml power-altivec.xml power-spe.xml" + ;; + ppc64) + TARGET_BASE_ARCH=ppc + TARGET_ABI_DIR=ppc + mttcg=yes + gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml power-vsx.xml" + ;; + ppc64le) + TARGET_ARCH=ppc64 + TARGET_BASE_ARCH=ppc + TARGET_ABI_DIR=ppc + mttcg=yes + gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml power-vsx.xml" + ;; + ppc64abi32) + TARGET_ARCH=ppc64 + TARGET_BASE_ARCH=ppc + TARGET_ABI_DIR=ppc + echo "TARGET_ABI32=y" >> $config_target_mak + gdb_xml_files="power64-core.xml power-fpu.xml power-altivec.xml power-spe.xml power-vsx.xml" + ;; +``` \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1859713 b/results/classifier/deepseek-r1:32b/output/instruction/1859713 new file mode 100644 index 000000000..52aabc3d9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1859713 @@ -0,0 +1,28 @@ + + + +ARM v8.3a pauth not working + +Host: Ubuntu 19.10 - x86_64 machine +QEMU version: 3a63b24a1bbf166e6f455fe43a6bbd8dea413d92 (master) + +ARMV8.3 pauth is not working well. + +With a test code containing two pauth instructions: + - paciasp that sign LR with A key and sp as context; + - autiasp that verify the signature. + +Test: + - Run the program and corrupt LR just before autiasp (ex 0x3e00000400660 instead of 0x3e000000400664) + +Expected: + - autiasp places an invalid pointer in LR + +Result: + - autiasp successfully auth the pointer and places 0x0400660 in LR. + +Further explanations: + Adding traces in qemu code shows that "pauth_computepac" is not robust enough against truncating. + With 0x31000000400664 as input of pauth_auth, we obtain "0x55b1d65b2c138e14" for PAC, "0x30" for bot_bit and "0x38" for top_bit. + With 0x310040008743ec as input of pauth (with same key), we obtain "0x55b1d65b2c138ef4" for PAC, "0x30" for bot_bit and "0x38" for top_bit. + Values of top_bit and bottom_bit are strictly the same and it should not. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1861404 b/results/classifier/deepseek-r1:32b/output/instruction/1861404 new file mode 100644 index 000000000..769be0f54 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1861404 @@ -0,0 +1,53 @@ + + + +AVX instruction VMOVDQU implementation error for YMM registers + +Hi, + +Tested with Qemu 4.2.0, and with git version bddff6f6787c916b0e9d63ef9e4d442114257739. + +The x86 AVX instruction VMOVDQU doesn't work properly with YMM registers (32 bytes). +It works with XMM registers (16 bytes) though. + +See the attached test case `ymm.c`: when copying from memory-to-ymm0 and then back from ymm0-to-memory using VMOVDQU, Qemu only copies the first 16 of the total 32 bytes. + +``` +user@ubuntu ~/Qemu % gcc -o ymm ymm.c -Wall -Wextra -Werror + +user@ubuntu ~/Qemu % ./ymm +00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 10 11 12 13 14 15 16 17 18 19 1A 1B 1C 1D 1E 1F + +user@ubuntu ~/Qemu % ./x86_64-linux-user/qemu-x86_64 -cpu max ymm +00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +``` + +This seems to be because in `translate.c > gen_sse()`, the case handling the VMOVDQU instruction calls `gen_ldo_env_A0` which always performs a 16 bytes copy using two 8 bytes load and store operations (with `tcg_gen_qemu_ld_i64` and `tcg_gen_st_i64`). + +Instead, the `gen_ldo_env_A0` function should generate a copy with a size corresponding to the used register. + + +``` +static void gen_sse(CPUX86State *env, DisasContext *s, int b, + target_ulong pc_start, int rex_r) +{ + [...] + case 0x26f: /* movdqu xmm, ea */ + if (mod != 3) { + gen_lea_modrm(env, s, modrm); + gen_ldo_env_A0(s, offsetof(CPUX86State, xmm_regs[reg])); + } else { + [...] +``` + +``` +static inline void gen_ldo_env_A0(DisasContext *s, int offset) +{ + int mem_index = s->mem_index; + tcg_gen_qemu_ld_i64(s->tmp1_i64, s->A0, mem_index, MO_LEQ); + tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(0))); + tcg_gen_addi_tl(s->tmp0, s->A0, 8); + tcg_gen_qemu_ld_i64(s->tmp1_i64, s->tmp0, mem_index, MO_LEQ); + tcg_gen_st_i64(s->tmp1_i64, cpu_env, offset + offsetof(ZMMReg, ZMM_Q(1))); +} +``` \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1863247 b/results/classifier/deepseek-r1:32b/output/instruction/1863247 new file mode 100644 index 000000000..06754fce8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1863247 @@ -0,0 +1,11 @@ + + + +AArch64 EXT instruction for V register does not clear MSB side bits + +On AArch64 CPU with SVE register, there seems to be a bug in the operation when executing EXT instruction to V registers. Bits above the 128 bits of the SVE register must be cleared to 0, but qemu-aarch64 seems to hold the value. + +Example +ext v0.16b, v1.16b v2.16b, 8 + +After executing above instruction, (N-1) to 128 bits of z0 register must be 0, where N is SVE register width. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1873898 b/results/classifier/deepseek-r1:32b/output/instruction/1873898 new file mode 100644 index 000000000..452c82c83 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1873898 @@ -0,0 +1,41 @@ + + + +arm linux-user: bkpt insn doesn't cause SIGTRAP + +QEMU's 32-bit arm linux-user mode doesn't correctly turn guest BKPT insns into SIGTRAP signals. Test case: + +===begin bkpt.c=== +/* test bkpt insn */ + +#include <stdlib.h> +#include <stdio.h> + +int main(void) +{ + printf("breakpoint\n"); +#ifdef __aarch64__ + __asm__ volatile("brk 0x42\n"); +#else + __asm__ volatile("bkpt 0x42\n"); +#endif + printf("done\n"); + return 0; +} +===endit=== + +Compile with +$ arm-linux-gnueabihf-gcc -g -Wall -o bkpt-aa32 bkpt.c +$ aarch64-linux-gnu-gcc -g -Wall -o bkpt-aa64 bkpt.c + +Contrast aarch64 which delivers the SIGTRAP and arm which doesn't: + +$ qemu-aarch64 bkpt-aa64 +breakpoint +qemu: uncaught target signal 5 (Trace/breakpoint trap) - core dumped +Trace/breakpoint trap (core dumped) +$ qemu-arm bkpt-aa32 +breakpoint +done + +This is because in linux-user/arm/cpu-loop.c we incorrectly treat EXCP_BKPT similarly to EXCP_SWI, which means that we actually perform a syscall (which one depends on what happens to be in r7...). This code has been like this (more or less) since commit 06c949e62a098f in 2006 which added BKPT in the first place. This is probably because at the time the same code path was used to handle both Linux syscalls and semihosting calls, and (on M profile) BKPT does imply a semihosting call. But these days we've moved handling of semihosting out to an entirely different codepath, so we can fix this bug by simply removing this handling of EXCP_BKPT and instead making it deliver a SIGTRAP like EXCP_DEBUG (as we do already on aarch64). \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1874888 b/results/classifier/deepseek-r1:32b/output/instruction/1874888 new file mode 100644 index 000000000..8a9610f12 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1874888 @@ -0,0 +1,46 @@ + + + +certain programs make QEMU crash with "tcg fatal error" + +The following code snippet crashes qemu with + +.../tcg/tcg.c:3279: tcg fatal error +qemu-x86_64: /usr/local/google/home/kostik/qemu-5.0.0-rc4/accel/tcg/cpu-exec.c:701: int cpu_exec(CPUState *): Assertion `!have_mmap_lock()' failed. + +================ +int main() { + /* +00000000 <.data>: + 0: 2e 45 71 ff cs rex.RB jno 0x3 + 4: e9 00 00 f0 00 jmp 0xf00009 + 9: c4 42 7d 31 3e vpmovzxbd ymm15,QWORD PTR [r14] + e: c4 a3 7d 08 64 82 44 vroundps ymm4,YMMWORD PTR [rdx+r8*4+0x44],0x0 + 15: 00 + 16: 0f 1e 0a nop DWORD PTR [rdx] + 19: 43 0f ec 20 rex.XB paddsb mm4,QWORD PTR [r8] + 1d: 66 47 0f 3a 0c 3d 00 rex.RXB blendps xmm15,XMMWORD PTR [rip+0x8000],0x0 # 0x8028 + 24: 80 00 00 00 + 28: c4 e3 f9 df 5f 86 0d vaeskeygenassist xmm3,XMMWORD PTR [rdi-0x7a],0xd + 2f: c4 e2 55 92 74 fc 0a vgatherdps ymm6,DWORD PTR [rsp+ymm7*8+0xa],ymm5 + 36: c4 e2 f9 17 9a 01 00 vptest xmm3,XMMWORD PTR [rdx+0x1] + 3d: 00 00 +*/ + char buf[] = { + 0x2E, 0x45, 0x71, 0xFF, 0xE9, 0x00, 0x00, 0xF0, 0x00, 0xC4, 0x42, 0x7D, 0x31, 0x3E, 0xC4, 0xA3, 0x7D, 0x08, 0x64, 0x82, 0x44, 0x00, 0x0F, 0x1E, 0x0A, 0x43, 0x0F, 0xEC, 0x20, 0x66, 0x47, 0x0F, 0x3A, 0x0C, 0x3D, 0x00, 0x80, 0x00, 0x00, 0x00, 0xC4, 0xE3, 0xF9, 0xDF, 0x5F, 0x86, 0x0D, 0xC4, 0xE2, 0x55, 0x92, 0x74, 0xFC, 0x0A, 0xC4, 0xE2, 0xF9, 0x17, 0x9A, 0x01, 0x00, 0x00, 0x00 + }; + void (*f)(void) = (void (*) (void))buf; + f(); + return 0; +} +================ +Steps to reproduce: +1) clang -static repro.c -o repro +2) qemu-x86_64-static repro + +Tested with 4.2.0 and 5.0.0-rc4. Both -user and -system variants are affected. + +A few more snippets that cause the same sort of behavior: +1) 0x64, 0x46, 0x7D, 0xFF, 0xDF, 0x27, 0x46, 0x0F, 0xD4, 0x83, 0x5E, 0x00, 0x00, 0x00, 0x3E, 0x0F, 0x6A, 0xEF, 0x0F, 0x05, 0xC4, 0x42, 0xFD, 0x1E, 0xCF, 0x46, 0x18, 0xE3, 0x47, 0xCD, 0x4E, 0x6E, 0x0F, 0x0F, 0x16, 0x8A + +2) 0x67, 0x45, 0xDB, 0xD0, 0xAA, 0xC4, 0xE2, 0xB1, 0x01, 0x57, 0x00, 0xF3, 0x6F, 0xF3, 0x42, 0x0F, 0x1E, 0xFD, 0x64, 0x2E, 0xF2, 0x45, 0xD9, 0xC4, 0x3E, 0xF3, 0x0F, 0xAE, 0xF4, 0x3E, 0x47, 0x0F, 0x1C, 0x22, 0x42, 0x73, 0xFF, 0xD9, 0xFD \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1877794 b/results/classifier/deepseek-r1:32b/output/instruction/1877794 new file mode 100644 index 000000000..936efc4c8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1877794 @@ -0,0 +1,6 @@ + + + +Constant Folding on 64-bit Subtraction causes SIGILL on linux-user glxgears ppc64le to x86_64 by way of generating bad shift instruction with c=-1 + +Hello, I've been recently working on my own little branch of QEMU implementing the drm IOCTLs, when I discovered that glxgears seems to crash in GLXSwapBuffers(); with a SIGILL. I investigated this for about 2 weeks, manually trying to trace the call stack, only to find that we seemingly crash in a bad shift instruction. Originally intended to be an shr_i64 generated to an RLDICL, we end up with an all ones(-1) c value, which gets thrown to the macro for generating the MB, and replaces the instruction with mostly ones. This new instruction, FFFFFFE0 is invalid on ppc64le, and crashes in a host SIGILL in codegen_buffer. I tried to see if the output of translate.c had this bad instruction, but all I got were two (shr eax, cl) instructions, and upon creating a test program with shr (eax, cl) in it, nothing happened. Then figuring that there was nothing actually wrong with the instruction in the first place, I turned my eye to the optimizer, and completely disabled constant folding for arithmetic instructions. This seemed to actually resolve the issue, and then I slowly enabled constant folding again on various instructions only to find that enabling not on the shifts, but on subtraction seemed to cause the bug to reappear. I am bewildered and frankly at this point I'm not sure I have a chance in hell of figuring out what causes it, so I'm throwing it here. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1881450 b/results/classifier/deepseek-r1:32b/output/instruction/1881450 new file mode 100644 index 000000000..37d7e0e6e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1881450 @@ -0,0 +1,26 @@ + + + +Emulation of a math function fails for m68k Linux user mode + +Please check the attached math-example.c file. +When running the m68k executable under QEMU, it results in an "Illegal instruction" error. +Other targets don't produce this error. + +Steps to reproduce the bug: + +1. Download the math-example.c attached file. +2. Compile it by running: + m68k-linux-gnu-gcc -O2 -static math-example.c -o math-example-m68k -lm +3. Run the executable with QEMU: + /build/qemu-5.0.0/build-gcc/m68k-linux-user/qemu-m68k math-example-m68k + +The output of execution is: + Profiling function expm1f(): + qemu: uncaught target signal 4 (Illegal instruction) - core dumped + Illegal instruction (core dumped) + +Expected output: + Profiling function expm1f(): + Elapsed time: 47 ms + Control result: 71804.953125 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1889288 b/results/classifier/deepseek-r1:32b/output/instruction/1889288 new file mode 100644 index 000000000..352290089 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1889288 @@ -0,0 +1,10 @@ + + + +aarch64 BICS instruciton doesn't set flags + +When reading the source for translate-a64.c here: + +https://github.com/qemu/qemu/blob/a466dd084f51cdc9da2e99361f674f98d7218559/target/arm/translate-a64.c#L4783 + +I noticed that it does not appear to call gen_logic_CC for the BICS instruction so is not setting the flags as required. I haven't tried to produce a test case for it but it seems like it might be a bug. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1901 b/results/classifier/deepseek-r1:32b/output/instruction/1901 new file mode 100644 index 000000000..dd2f3a207 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1901 @@ -0,0 +1,22 @@ + + + +qemu-sparc64 / sparc32plus apparent wrong results from VIS fmul8x16 instruction +Description of problem: +Experimenting with SPARC emulation, I noticed that the results of the UltraSparc fmul8x16 instruction don't appear to match the behaviour of real silicon (aka it doesn't appear to work at all -- in the test program, the result seems to be always 0). Other VIS instructions I tried seem to be OK (I have not tried all of them). + +The same problem is observed both in 64-bit (qemu-sparc64) and 32-bit (qemu-sparc32plus) applications. +Steps to reproduce: +1. Compile the attached test program (which exhaustively tests all possible combinations of 16-bit and 8-bit inputs) with gcc: + ``` + sparc64-unknown-linux-gnu-gcc -static -Os -mcpu=ultrasparc -mvis -o test_fmul8x16 test_fmul8x16.c + ``` +2. Run it in qemu-sparc64: + ``` + qemu-sparc64 -cpu 'TI UltraSparc II' ./test_fmul8x16 + ``` +3. Observe almost all tests fail. + + Running the exact same compiled binary on a real UltraSparc II CPU gives all pass results. +Additional information: +[test_fmul8x16.c](/uploads/2bf68e53652fba2ed69ac3ebb3f4b5e9/test_fmul8x16.c) diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1904210 b/results/classifier/deepseek-r1:32b/output/instruction/1904210 new file mode 100644 index 000000000..6a5a268f2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1904210 @@ -0,0 +1,54 @@ + + + +Crashed with 'uncaught target signal SIGILL' while program has registered by signal(SIGILL, handler) + +This binary is an CTF reverse challenge binary, it registers signal handler via 'signal(SIGILL, 0x1193D);' while 0x1193D is the SIGILL handler. + +Please see the attachment, the file 'repair' is the binary i mentioned above, the file 'qemu-arm' is an old version qemu at 2.5.0, and it seems an official release (not modified). + +Which means, it could be a bug in recent release. + +You need to input 'flag{' to the stdin to let the binary execute the illegal instruction at 0x10A68. + +In 2.5.0 version the -strace logs: +116 uname(0xf6ffed40) = 0 +116 brk(NULL) = 0x0009f000 +116 brk(0x0009fd00) = 0x0009fd00 +116 readlink("/proc/self/exe",0xf6ffde78,4096) = 21 +116 brk(0x000c0d00) = 0x000c0d00 +116 brk(0x000c1000) = 0x000c1000 +116 access("/etc/ld.so.nohwcap",F_OK) = -1 errno=2 (No such file or directory) +116 rt_sigaction(SIGILL,0xf6ffec48,0xf6ffecd4) = 0 +116 fstat64(1,0xf6ffe8e8) = 0 +116 ioctl(1,21505,-151000980,-151000924,652480,640808) = 0 +116 fstat64(0,0xf6ffe7d0) = 0 +116 ioctl(0,21505,-151001260,-151001204,652480,641152) = 0 +116 write(1,0xa5548,6)input: = 6 +116 read(0,0xa6550,4096)flag{ + = 6 +116 write(1,0xa5548,7)wrong! + = 7 +116 _llseek(0,4294967295,4294967295,0xf6ffee18,SEEK_CUR) = -1 errno=29 (Illegal seek) +116 exit_group(0) + +In 2.11.1, it shows: +113 uname(0xfffeed30) = 0 +113 brk(NULL) = 0x0009f000 +113 brk(0x0009fd00) = 0x0009fd00 +113 readlink("/proc/self/exe",0xfffede68,4096) = 21 +113 brk(0x000c0d00) = 0x000c0d00 +113 brk(0x000c1000) = 0x000c1000 +113 access("/etc/ld.so.nohwcap",F_OK) = -1 errno=2 (No such file or directory) +113 rt_sigaction(SIGILL,0xfffeec38,0xfffeecc4) = 0 +113 fstat64(1,0xfffee8d8) = 0 +113 ioctl(1,21505,-71588,-71532,652480,640808) = 0 +113 fstat64(0,0xfffee7c0) = 0 +113 ioctl(0,21505,-71868,-71812,652480,641152) = 0 +113 write(1,0xa5548,6)input: = 6 +113 read(0,0xa6550,4096)flag{ + = 6 +--- SIGILL {si_signo=SIGILL, si_code=2, si_addr=0x00010a68} --- +--- SIGILL {si_signo=SIGILL, si_code=2, si_addr=0x0001182c} --- +qemu: uncaught target signal 4 (Illegal instruction) - core dumped +Illegal instruction (core dumped) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1905356 b/results/classifier/deepseek-r1:32b/output/instruction/1905356 new file mode 100644 index 000000000..7c92cb919 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1905356 @@ -0,0 +1,15 @@ + + + +No check for unaligned data access in ARM32 instructions + +hi + +According to the ARM documentation, there are alignment requirements of load/store instructions. Alignment fault should be raised if the alignment check is failed. However, it seems that QEMU doesn't implement this, which is against the documentation of ARM. For example, the instruction LDRD/STRD/LDREX/STREX must check the address is word alignment no matter what value the SCTLR.A is. + +I attached a testcase, which contains a instruction at VA 0x10240: ldrd r0,[pc.#1] in the main function. QEMU can successfully load the data in the unaligned address. The test is done in QEMU 5.1.0. I can provide more testcases for the other instructions if you need. Many thanks. + +To patch this, we need a check while we translate the instruction to tcg. If the address is unaligned, a signal number (i.e., SIGBUS) should be raised. + +Regards +Muhui \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1908626 b/results/classifier/deepseek-r1:32b/output/instruction/1908626 new file mode 100644 index 000000000..a5714eef2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1908626 @@ -0,0 +1,68 @@ + + + +Atomic test-and-set instruction does not work on qemu-user + +I try to compile and run PostgreSQL/Greenplum database inside docker container/qemu-aarch64-static: +``` + host: CentOS7 x86_64 + container: centos:centos7.9.2009 --platform linux/arm64/v8 + qemu-user-static: https://github.com/multiarch/qemu-user-static/releases/ +``` + +However, GP/PG's spinlock always gets stuck and reports PANIC errors. It seems its spinlock +has something wrong. +``` +https://github.com/greenplum-db/gpdb/blob/master/src/include/storage/s_lock.h +https://github.com/greenplum-db/gpdb/blob/master/src/backend/storage/lmgr/s_lock.c +``` + +So I extract its spinlock implementation into one test C source file (see attachment file), +and get reprodcued: + +``` +$ gcc spinlock_qemu.c +$ ./a.out +C -- slock inited, lock value is: 0 +parent 139642, child 139645 +P -- slock lock before, lock value is: 0 +P -- slock locked, lock value is: 1 +P -- slock unlock after, lock value is: 0 +C -- slock lock before, lock value is: 1 +P -- slock lock before, lock value is: 1 +C -- slock locked, lock value is: 1 +C -- slock unlock after, lock value is: 0 +C -- slock lock before, lock value is: 1 +P -- slock locked, lock value is: 1 +P -- slock unlock after, lock value is: 0 +P -- slock lock before, lock value is: 1 +C -- slock locked, lock value is: 1 +C -- slock unlock after, lock value is: 0 +P -- slock locked, lock value is: 1 +C -- slock lock before, lock value is: 1 +P -- slock unlock after, lock value is: 0 +C -- slock locked, lock value is: 1 +P -- slock lock before, lock value is: 1 +C -- slock unlock after, lock value is: 0 +P -- slock locked, lock value is: 1 +C -- slock lock before, lock value is: 1 +P -- slock unlock after, lock value is: 0 +C -- slock locked, lock value is: 1 +P -- slock lock before, lock value is: 1 +C -- slock unlock after, lock value is: 0 +P -- slock locked, lock value is: 1 +C -- slock lock before, lock value is: 1 +P -- slock unlock after, lock value is: 0 +P -- slock lock before, lock value is: 1 +spin timeout, lock value is 1 (pid 139642) +spin timeout, lock value is 1 (pid 139645) +spin timeout, lock value is 1 (pid 139645) +spin timeout, lock value is 1 (pid 139642) +spin timeout, lock value is 1 (pid 139645) +spin timeout, lock value is 1 (pid 139642) +... +... +... +``` + +NOTE: this code always works on PHYSICAL ARM64 server. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1909 b/results/classifier/deepseek-r1:32b/output/instruction/1909 new file mode 100644 index 000000000..5c8aa9308 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1909 @@ -0,0 +1,53 @@ + + + +regression: 8.0.0 segfaults on coverage counter increment +Description of problem: +With qemu 8.0.0, my test program segfaults while incrementing a gcov counter: + +``` +Breakpoint 2, 0x00000000004bc9a8 in __CortexA53843419_464004 () +(gdb) x/2i $pc +=> 0x4bc9a8 <__CortexA53843419_464004>: str x8, [x9, #2512] + 0x4bc9ac <__CortexA53843419_464004+4>: b 0x464008 <mock_hyp_params_Destroy+24> +(gdb) p $x8 +$10 = 1 +(gdb) p $x9 +$11 = 5234688 +(gdb) x/x $x9+2512 +0x4fe9d0 <__llvm_gcov_ctr.5>: 0x00000000 +(gdb) stepi + +Program received signal SIGSEGV, Segmentation fault. +0x00000000004bc9a8 in __CortexA53843419_464004 () +(gdb) x/x $x9+2512 +0x4fe9d0 <__llvm_gcov_ctr.5>: 0x00000000 +(gdb) shell llvm-objdump --syms --arch-name=aarch64 ./build/gcov/out/test_hyp-props.out | grep 4fe9d0 +00000000004fe9d0 l O .bss 0000000000000008 __llvm_gcov_ctr.5 +(gdb) shell qemu-aarch64 --version +qemu-aarch64 version 8.0.0 +Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers +(gdb) +``` + +With qemu 6.2.0, it doesn't segfault (at least not at this point, you +may ignore the segfault at the end due to a bug in the test program). +``` +$ /usr/bin/qemu-aarch64 --version +qemu-aarch64 version 6.2.0 (Debian 1:6.2+dfsg-2ubuntu6.12) +Copyright (c) 2003-2021 Fabrice Bellard and the QEMU Project developers + +$ /usr/bin/qemu-aarch64 ./build/gcov/out/test_hyp-props.out +test_hyp-props.c:13:test__setup_str_prop:PASS +test_hyp-props.c:14:test__log_print_handler:PASS +test_hyp-props.c:15:test__setup_log_print_prop:PASS +test_hyp-props.c:16:test__vm_vcpu_abort_reset_handler:PASS +test_hyp-props.c:17:test__vm_info_alloc:PASS +test_hyp-props.c:18:test__memory_status_get:PASS +test_hyp-props.c:19:test__memory_status_get_fail:PASS +Segmentation fault (core dumped) +``` +Steps to reproduce: +1. Compile and link statically (with ld.lld) a test program, with clang, targetting aarch64 with: -target aarch64-linux-android -mcpu=cortex-a53, using --coverage option to generate gcov coverage. +2. Run it with qemu-aarch64 8.0.0 +3. Hopefully, it will segfault early for no good reason. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1912934 b/results/classifier/deepseek-r1:32b/output/instruction/1912934 new file mode 100644 index 000000000..93b930bf7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1912934 @@ -0,0 +1,20 @@ + + + +QEMU emulation of fmadds instruction on powerpc64le is buggy + +The attached program test-fmadds.c tests the fmadds instruction on powerpc64le. + +Result on real hardware (POWER8E processor): +$ ./a.out ; echo $? +0 + +Result in Alpine Linux 3.13/powerpcle, emulated by QEMU 5.0.0 on Ubuntu 16.04: +$ ./a.out ; echo $? +32 + +Result in Debian 8.6.0/ppc64el, emulated by QEMU 2.9.0 on Ubuntu 16.04: +$ ./a.out ; echo $? +32 + +Through 'nm --dynamic qemu-system-ppc64 | grep fma' I can see that QEMU is NOT using the fmaf() or fma() function from the host system's libc; this function is working fine in glibc of the host system (see https://www.gnu.org/software/gnulib/manual/html_node/fmaf.html ). \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1913913 b/results/classifier/deepseek-r1:32b/output/instruction/1913913 new file mode 100644 index 000000000..65ce919d2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1913913 @@ -0,0 +1,21 @@ + + + +i386-linux-user returns -1 in sigcontext->trapno + +QEMU development version, git commit 74208cd252c5da9d867270a178799abd802b9338. Behaviour has been noted in 5.2.0 generally. + +Certain 16-bit windows programs crash WINE under QEMU linux-user with: + +0084:err:seh:segv_handler Got unexpected trap -1 +wine: Unhandled illegal instruction at address 00006D65 (thread 0084), starting debugger... + +They run correctly on native i386. + +Upon further inspection,it becomes clear these programs are failing at addresses where they are making DOS calls (int 21h ie CD 21 for instance). + +It is also clear that WINE is expecting an exception/signal at this point, to patch in the actual int21h handling code inside WINE. + +However, wine uses sigcontext output extensively to do its structured exception handling. sigcontext->trapno being set to -1 seems to confuse it, causing it to treat the exception as an actual unhandled error. + +I do not know if exception_index is being left at -1 due to the case of privileged instructions being executed in 16-bit ldts not being handled specifically, or if there is some other illegal instruction case causing this. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1914021 b/results/classifier/deepseek-r1:32b/output/instruction/1914021 new file mode 100644 index 000000000..3287d096f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1914021 @@ -0,0 +1,30 @@ + + + +qemu: uncaught target signal 4 (Illegal instruction) but gdb remote-debug exited normally + +I'm getting Illegal instruction (core dumped) when running the attached a.out_err binary in qemu, but when using Gdb to remote-debug the program, it exited normally. will appreciate if you can help look into this qemu issue. + +readelf -h a.out_err +ELF Header: + Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 + Class: ELF32 + Data: 2's complement, little endian + Version: 1 (current) + OS/ABI: UNIX - System V + ABI Version: 0 + Type: EXEC (Executable file) + Machine: ARM + Version: 0x1 + Entry point address: 0x8220 + Start of program headers: 52 (bytes into file) + Start of section headers: 54228 (bytes into file) + Flags: 0x5000200, Version5 EABI, soft-float ABI + Size of this header: 52 (bytes) + Size of program headers: 32 (bytes) + Number of program headers: 3 + Size of section headers: 40 (bytes) + Number of section headers: 16 + Section header string table index: 15 + +qemu-arm version 4.0.0 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1915327 b/results/classifier/deepseek-r1:32b/output/instruction/1915327 new file mode 100644 index 000000000..5651f2a1f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1915327 @@ -0,0 +1,37 @@ + + + +x86_64 cmpxchg behavior in qemu tcg does not match the real CPU + +QEMU version: +1214d55d1c (HEAD, origin/master, origin/HEAD) Merge remote-tracking branch 'remotes/nvme/tags/nvme-next-pull-request' into staging + +Consider the following little program: + +$ cat 1.c +#include <stdio.h> +int main() { + int mem = 0x12345678; + register long rax asm("rax") = 0x1234567812345678; + register int edi asm("edi") = 0x77777777; + asm("cmpxchg %[edi],%[mem]" + : [ mem ] "+m"(mem), [ rax ] "+r"(rax) + : [ edi ] "r"(edi)); + long rax2 = rax; + printf("rax2 = %lx\n", rax2); +} + +According to the Intel Manual, cmpxchg should not touch the accumulator in case the values are equal, which is indeed the case on the real CPU: + +$ gcc 1.c +$ ./a.out +rax2 = 1234567812345678 + +However, QEMU appears to zero extend EAX to RAX: + +$ qemu-x86_64 ./a.out +rax2 = 12345678 + +This is also the case for lock cmpxchg. + +Found in BPF development context: https://lore<email address hidden> \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1916269 b/results/classifier/deepseek-r1:32b/output/instruction/1916269 new file mode 100644 index 000000000..6c64e5313 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1916269 @@ -0,0 +1,22 @@ + + + +TCG: QEMU incorrectly raises exception on SSE4.2 CRC32 instruction + +If I run FreeBSD on QEMU 5.2 with TCG acceleration -cpu Nehalem, I get a FPU exception when executing crc32 (https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=253617). This is not a problem with the default CPU (or KVM) since that does not support SSE 4.2. + +Attaching GDB shows this is triggered in target/i386/tcg/translate.c:3067 + + /* simple MMX/SSE operation */ + if (s->flags & HF_TS_MASK) { + gen_exception(s, EXCP07_PREX, pc_start - s->cs_base); + return; + } + +However, according to https://software.intel.com/sites/default/files/m/8/b/8/D9156103.pdf, page 61 the CRC32 instruction works no matter what the value of the TS bit. + +The code sequence in question is: +0xffffffff8105a4de <+126>: f2 48 0f 38 f1 de crc32q %rsi,%rbx +0xffffffff8105a4e4 <+132>: f2 48 0f 38 f1 ca crc32q %rdx,%rcx. + +This should work even with the FPU disabled. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1922887 b/results/classifier/deepseek-r1:32b/output/instruction/1922887 new file mode 100644 index 000000000..1cdbb541c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1922887 @@ -0,0 +1,33 @@ + + + +STR in Thumb 32 decode problem + +Hi + +It seems that QEMU does not have a proper check on the STR instruction in Thumb32 mode. + +Specifically, the machine code is 0xf84f0ddd, which is 0b1111 1000 0100 1111 0000 1101 1101 1101. +This is an STR (immediate, Thumb) instruction with a T4 encoding scheme. + +The symbols is + +Rn = 1111 +Rt = 0000 +P = 1 +U = 0 +W = 1 + +The decode ASL is below: + +if P == ‘1’ && U == ‘1’ && W == ‘0’ then SEE STRT; +if Rn == ‘1101’ && P == ‘1’ && U == ‘0’ && W == ‘1’ && imm8 == ‘00000100’ then SEE PUSH; +if Rn == ‘1111’ || (P == ‘0’ && W == ‘0’) then UNDEFINED; +t = UInt(Rt); n = UInt(Rn); imm32 = ZeroExtend(imm8, 32); +index = (P == ‘1’); add = (U == ‘1’); wback = (W == ‘1’); +if t == 15 || (wback && n == t) then UNPREDICTABLE; + +When Rn == 1111, it should be an undefined instruction, which should raise SEGILL signal. However, it seems that QEMU does not check this constraint, which should be a bug. Many thanks + +Regards +Muhui \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1925512 b/results/classifier/deepseek-r1:32b/output/instruction/1925512 new file mode 100644 index 000000000..a847cd79a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1925512 @@ -0,0 +1,21 @@ + + + +UNDEFINED case for instruction BLX + +Hi + +I refer to the instruction BLX imm (T2 encoding) in ARMv7 (Thumb mode). + +11110 S imm10H 11 J1 0 J2 imm10L H + + +if H == '1' then UNDEFINED; +I1 = NOT(J1 EOR S); I2 = NOT(J2 EOR S); imm32 = SignExtend(S:I1:I2:imm10H:imm10L:'00', 32); +targetInstrSet = InstrSet_A32; +if InITBlock() && !LastInITBlock() then UNPREDICTABLE; + +According to the manual, if H equals to 1, this instruction should be an UNDEFINED instruction. However, it seems QEMU does not check this constraint in function trans_BLX_i. Thanks + +Regards +Muhui \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1926759 b/results/classifier/deepseek-r1:32b/output/instruction/1926759 new file mode 100644 index 000000000..437445902 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1926759 @@ -0,0 +1,21 @@ + + + +WFI instruction results in unhandled CPU exception + +Hi + +I refer to the WFI instruction. The bytecode is 0xe320f003. After the execution, qemu exit with the following crash log. + +qemu: unhandled CPU exception 0x10001 - aborting +R00=00000001 R01=40800b34 R02=40800b3c R03=000102ec +R04=00010a28 R05=00010158 R06=00087460 R07=00010158 +R08=00000000 R09=00000000 R10=00085b7c R11=408009f4 +R12=40800a08 R13=408009f0 R14=0001057c R15=000102f8 +PSR=60000010 -ZC- A usr32 +qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x7f5c21d0fa12 + +WFI aims to enter a low-power state and wait for interrupt. The raised exception seems not a right behavior. I can provide a testcase if you needed. Many thanks. + +Regards +Muhui \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/1967248 b/results/classifier/deepseek-r1:32b/output/instruction/1967248 new file mode 100644 index 000000000..c84ead78a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/1967248 @@ -0,0 +1,41 @@ + + + +qemu: uncaught target signal 5 (Trace/breakpoint trap) + +I'm getting core dumped when running the attached a.out_err binary in qemu, but when using Gdb to remote-debug the program, it exited normally. will appreciate if you can help look into this qemu issue. + +And I found that QEMU's 32-bit arm linux-user mode doesn't correctly turn guest BKPT insns into SIGTRAP signal. + +0xa602 <_start> movs r0, #22 0xa604 <_start+2> addw r1, pc, #186 ; 0xba +0xa608 <_start+6> bkpt 0x00ab + +$readelf -h hello +ELF Header: + Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 + Class: ELF32 + Data: 2's complement, little endian + Version: 1 (current) + OS/ABI: UNIX - System V + ABI Version: 0 + Type: EXEC (Executable file) + Machine: ARM + Version: 0x1 + Entry point address: 0xa603 + Start of program headers: 52 (bytes into file) + Start of section headers: 144128 (bytes into file) + Flags: 0x5000200, Version5 EABI, soft-float ABI + Size of this header: 52 (bytes) + Size of program headers: 32 (bytes) + Number of program headers: 5 + Size of section headers: 40 (bytes) + Number of section headers: 16 + Section header string table index: 14 + +$qemu-arm --version +qemu-arm version 6.2.0 +Copyright (c) 2003-2021 Fabrice Bellard and the QEMU Project developers + + +And I have check that the bug(https://bugs.launchpad.net/qemu/+bug/1873898) is fixed. +But it's coredump. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2078 b/results/classifier/deepseek-r1:32b/output/instruction/2078 new file mode 100644 index 000000000..73f219935 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2078 @@ -0,0 +1,37 @@ + + + +Qemu crashes with SIGFPE on certain trapping arithmetic operations on m68k target +Description of problem: +I recently ported NetBSD to the Qemu m68k "virt" platform, and this was discovered when running NetBSD's automated tests. Certain arithmetic operation that will trap in the guest will crash Qemu. First case encountered is below. +Steps to reproduce: +1. Compile and run the following program in the m68k guest: + +``` +virt68k:thorpej 3$ cat crash-qemu.c +#include <limits.h> +#include <stdlib.h> + +int divisor = -1; + +int +main(int argc, char *argv[]) +{ + + if (argc > 1) + divisor = atoi(argv[1]); + + return INT_MIN / divisor; +} +virt68k:thorpej 4$ +``` + +Another minimal case would be: + +``` +move.l #-2147483648,%d0 +move.l #-1,%d1 +divsl.l %d1,%d1:%d0 +``` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2083 b/results/classifier/deepseek-r1:32b/output/instruction/2083 new file mode 100644 index 000000000..ca2fcabbd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2083 @@ -0,0 +1,114 @@ + + + +AArch64 SME SMOPA (4-way) outer product instruction gives incorrect result +Description of problem: +The SME SMOPA (4-way) instruction ([spec](https://developer.arm.com/documentation/ddi0602/2023-09/SME-Instructions/SMOPA--4-way---Signed-integer-sum-of-outer-products-and-accumulate-?lang=en)) is giving incorrect result. Example below for 8-bit variant, which is equivalent to following Python example (128-bit VL) to make it clearer: + +``` +import numpy as np +vl = 128 +esize = 32 +dim = vl // esize + +A = range(16) +B = range(16, 32) +C = np.zeros((4, 4,), dtype=np.int32) + +for row in range(dim): + for col in range(dim): + for k in range(4): + C[row, col] += A[4*row + k] * B[4*col + k] + +print(C) + +[[ 110 134 158 182] + [ 390 478 566 654] + [ 670 822 974 1126] + [ 950 1166 1382 1598]] +``` + +main.c +``` +#include <stdio.h> +#include <stdint.h> + +void foo(int *dst); + +int main() { + int32_t dst[16]; + foo(dst); + + // This should print: + // >>> 110 134 158 182 + // >>> 390 478 566 654 + // >>> 670 822 974 1126 + // >>> 950 1166 1382 1598 + for (int i=0; i<4; ++i) { + printf(">>> "); + for (int j=0; j<4; ++j) { + printf("%d ", dst[i * 4 + j]); + } + printf("\n"); + } +} +``` + +foo.S + +``` +.global foo +foo: + stp x29, x30, [sp, -80]! + mov x29, sp + stp d8, d9, [sp, 16] + stp d10, d11, [sp, 32] + stp d12, d13, [sp, 48] + stp d14, d15, [sp, 64] + + smstart + + ptrue p0.b + index z0.b, #0, #1 + mov z1.d, z0.d + add z1.b, z1.b, #16 + + zero {za} + smopa za0.s, p0/m, p0/m, z0.b, z1.b + + // Read the first 4x4 sub-matrix of elements from tile 0: + mov w12, #0 + mova z0.s, p0/m, za0h.s[w12, #0] + mova z1.s, p0/m, za0h.s[w12, #1] + mova z2.s, p0/m, za0h.s[w12, #2] + mova z3.s, p0/m, za0h.s[w12, #3] + + // And store them to the input pointer (dst in the C code): + st1w {z0.s}, p0, [x0] + add x0, x0, #16 + st1w {z1.s}, p0, [x0] + add x0, x0, #16 + st1w {z2.s}, p0, [x0] + add x0, x0, #16 + st1w {z3.s}, p0, [x0] + + smstop + + ldp d8, d9, [sp, 16] + ldp d10, d11, [sp, 32] + ldp d12, d13, [sp, 48] + ldp d14, d15, [sp, 64] + ldp x29, x30, [sp], 80 + ret +``` +Steps to reproduce: +``` +$ clang -target aarch64-linux-gnu -march=armv9-a+sme main.c foo.S +$ ~/qemu/build/qemu-aarch64 -cpu max,sme128=on a.out +>>> 110 478 158 654 +>>> 0 0 0 0 +>>> 670 1166 974 1598 +>>> 0 0 0 0 +``` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2089 b/results/classifier/deepseek-r1:32b/output/instruction/2089 new file mode 100644 index 000000000..42ff91e11 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2089 @@ -0,0 +1,30 @@ + + + +aarch64: incorrect emulation of sqshrn instruction +Description of problem: +`sqshrn` instruction test fails with qemu-aarch64, but passes on real aarch64 hardware. +Steps to reproduce: +1. Build [inline_asm_tests](https://cs.android.com/android/platform/superproject/main/+/main:frameworks/libs/binary_translation/tests/inline_asm_tests/) and run with qemu-aarch64 +2. Observe two failures + +``` +[ RUN ] Arm64InsnTest.SignedSaturatingShiftRightNarrowInt16x1 +frameworks/libs/binary_translation/tests/inline_asm_tests/main_arm64.cc:6697: Failure +Expected equality of these values: + res1 + Which is: 4294967188 + MakeUInt128(0x94U, 0U) + Which is: 148 +[ FAILED ] Arm64InsnTest.SignedSaturatingShiftRightNarrowInt16x1 (5 ms) +[ RUN ] Arm64InsnTest.SignedSaturatingRoundingShiftRightNarrowInt16x1 +frameworks/libs/binary_translation/tests/inline_asm_tests/main_arm64.cc:6793: Failure +Expected equality of these values: + res3 + Which is: 4294967168 + MakeUInt128(0x0000000000000080ULL, 0x0000000000000000ULL) + Which is: 128 +[ FAILED ] Arm64InsnTest.SignedSaturatingRoundingShiftRightNarrowInt16x1 (2 ms) +``` +Additional information: +[Direct link to SignedSaturatingShiftRightNarrowInt16x1 test source](https://cs.android.com/android/platform/superproject/main/+/main:frameworks/libs/binary_translation/tests/inline_asm_tests/main_arm64.cc;l=6692;drc=4ee2c3035fa5dc0b7a48b6c6dc498296be071861) diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2136 b/results/classifier/deepseek-r1:32b/output/instruction/2136 new file mode 100644 index 000000000..20d62a582 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2136 @@ -0,0 +1,38 @@ + + + +on loongarch host, LSX vec get wrong result +Description of problem: +on loongarch host, the lsx insns get wrong result. +Steps to reproduce: +1. build linux-user on loongarch host with '--configure --target-list ='loongarch64-linux-user'' +2. build test code 'gcc --static test.c -o test' +3. run './build/qemu-loongarch64 test' +Additional information: +run 'qemu-loongarch64 test' +the result is + +`0: 2f2f2f2f +1: 0 +2: 2f2f2f2f +3: 0 +4: ffffffff +5: 0 +6: ffffffff +7: ffffffff` + +and the 6 or 7 may be ffffff or 0. + +run 'test' on loongarch host or run qemu-loongarch64 on x86_64 host. +the result is + +`0: 2f2f2f2f +1: 0 +2: 2f2f2f2f +3: 0 +4: 0 +5: 0 +6: 0 +7: 0` + +for more infomation see log.txt diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2175 b/results/classifier/deepseek-r1:32b/output/instruction/2175 new file mode 100644 index 000000000..1ed7e24f6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2175 @@ -0,0 +1,41 @@ + + + +Intel BLSI CF computation bug +Description of problem: +CF flag computation of BLSI instruction is wrong. It seems #1370 was not completely fixed. +Steps to reproduce: +1. Compile `example.c` using this command: `gcc -o example.bin example.c`. My gcc version is 12.3.0, but other versions may work. +``` +int main() { + __asm__ ( + "movq $0x1, %r8\n" + "mov $0xedbf530a, %r9\n" + "push $0x1\n" + "popf\n" + "blsi %r9d, %r8d\n" + "pushf\n" + "pop %rax\n" + "pop %rbp\n" + "ret\n" + ); + + return 0; +} +``` +2. Run `./example.bin`. Then check the return code using `echo $?`. It should be 3. +``` +$ ./example.bin +$ echo $? +3 +``` +3. Run `./qemu-x86_64 ./example.bin`. Then check the return code using `echo $?`. It should be 2. +``` +$ ./qemu-x86_64 ./example.bin +$ echo $? +2 +``` + +The return code of `./example.bin` contains the value of the `RFLAGS` register after executing the `BLSI` instruction. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2203 b/results/classifier/deepseek-r1:32b/output/instruction/2203 new file mode 100644 index 000000000..b2e549ee0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2203 @@ -0,0 +1,4 @@ + + + +RISC-V RVV fractional LMUL check is wrong diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2302 b/results/classifier/deepseek-r1:32b/output/instruction/2302 new file mode 100644 index 000000000..687b2201f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2302 @@ -0,0 +1,28 @@ + + + +qemu-x86_64 crashes with "Illegal Instruction" on SPECCPU2017 Benchmarks +Description of problem: +I am running qemu-x86_64 with SPEC CPU 2017 benchmarks, and the compiled benchmarks such as Perlbench will crash unexpectedly. I have changed to three other machines to run it and still get crashes on two of them, I don't know what's the problem and want some help. +Steps to reproduce: +1. Compile SPEC CPU 2017 basic Perlbench binary. +2. Use the above command line to run it. +Additional information: +I have added some debugging flags to qemu-x86_64 to test it. The "-d in_asm" flag gives me the instructions before the crash like this: +``` +---------------- +IN: Perl_lex_start +0x555555678a79: 48 89 83 a8 00 00 00 movq %rax, 0xa8(%rbx) +0x555555678a80: e9 01 ff ff ff jmp 0x555555678986 + +---------------- +IN: Perl_lex_start +0x555555678986: 48 8b 50 10 movq 0x10(%rax), %rdx +0x55555567898a: 41 83 e4 16 andl $0x16, %r12d +0x55555567898e: 48 89 93 d0 00 00 00 movq %rdx, 0xd0(%rbx) +0x555555678995: 48 89 93 c0 00 00 00 movq %rdx, 0xc0(%rbx) +0x55555567899c: 62 .byte 0x62 + +qemu: uncaught target signal 4 (Illegal instruction) - core dumped +Illegal instruction (core dumped) +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2317 b/results/classifier/deepseek-r1:32b/output/instruction/2317 new file mode 100644 index 000000000..34e976a1c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2317 @@ -0,0 +1,41 @@ + + + +SH4: ADDV instruction not emulated properly +Description of problem: +ADDV opcode is emulated incorrectly. + +The documentation says: + +`ADDV Rm, Rn Rn + Rm -> Rn, overflow -> T` + +What Qemu actually emulates: + +`ADDV Rm, Rn Rn + Rm -> Rm, overflow -> T` +Steps to reproduce: +```c +#include <stdio.h> + +int main(void) +{ + register unsigned int a asm("r8") = 0x7fffffff; + register unsigned int b asm("r9") = 1; + register unsigned int c asm("r10"); + + asm volatile("clrt\n" + "addv %2,%0\n" + "movt %1\n" + : "+r"(a), "=r"(c) : "r"(b) :); + + printf("Values: a=0x%x b=0x%x c=0x%x\n", a, b, c); + + return 0; +} + +``` +Additional information: +Tested on real hardware (SEGA Dreamcast, GCC 15.0), the program above prints: +`Values: a=0x80000000 b=0x1 c=0x1` + +Running with Qemu (and GCC 13.0), the same program prints: +`Values: a=0x7fffffff b=0x80000000 c=0x1` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2318 b/results/classifier/deepseek-r1:32b/output/instruction/2318 new file mode 100644 index 000000000..9ed785f09 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2318 @@ -0,0 +1,37 @@ + + + +SH4: SUBV instruction not emulated properly +Description of problem: +SUBV opcode is emulated incorrectly. + +The documentation says: + +`SUBV Rm, Rn Rn - Rm -> Rn, underflow -> T` + +Qemu seems to perform the subtraction correctly, but will not detect an underflow. +Steps to reproduce: +```c +#include <stdio.h> + +int main(void) +{ + register unsigned int a asm("r8") = 0x80000001; + register unsigned int b asm("r9") = 0x2; + register unsigned int c asm("r10"); + + asm volatile("subv %2,%0\n" + "movt %1\n" + : "+r"(a), "=r"(c) : "r"(b) :); + + printf("Values: a=0x%x b=0x%x c=0x%x\n", a, b, c); + + return 0; +} +``` +Additional information: +Tested on real hardware (SEGA Dreamcast, GCC 15.0), the program above prints: +`Values: a=0x7fffffff b=0x2 c=0x1` + +Running with Qemu (and GCC 13.0), the same program prints: +`Values: a=0x7fffffff b=0x2 c=0x0` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2319 b/results/classifier/deepseek-r1:32b/output/instruction/2319 new file mode 100644 index 000000000..98e922d21 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2319 @@ -0,0 +1,20 @@ + + + +SPARC32-bit SDIV of negative divisor gives wrong result +Description of problem: +SDIV of negative divisor gives wrong result because of typo in helper_sdiv(). This is true for QEMU 9.0.0 and earlier. + +Place -1 in the Y register and -128 in another reg, then -120 in another register and do SDIV into a result register, instead of the proper value of 1 for the result, the incorrect value of 0 is produced. + +There is a typo in target/sparc/helper.c that causes the divisor to be consider unsigned, this patch fixes it: + +\*\*\* helper.c.ori Tue Apr 23 16:23:45 2024 --- helper.c Mon Apr 29 20:14:07 2024 + +--- + +\*\*\* 121,127 \*\*\*\* return (uint32_t)(b32 \< 0 ? INT32_MAX : INT32_MIN) | (-1ull \<\< 32); } + +! a64 /= b; r = a64; if (unlikely(r != a64)) { return (uint32_t)(a64 \< 0 ? INT32_MIN : INT32_MAX) | (-1ull \<\< 32); --- 121,127 ---- return (uint32_t)(b32 \< 0 ? INT32_MAX : INT32_MIN) | (-1ull \<\< 32); } + +! a64 /= b32; r = a64; if (unlikely(r != a64)) { return (uint32_t)(a64 \< 0 ? INT32_MIN : INT32_MAX) | (-1ull \<\< 32); diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2371 b/results/classifier/deepseek-r1:32b/output/instruction/2371 new file mode 100644 index 000000000..9a778851f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2371 @@ -0,0 +1,55 @@ + + + +A bug in RISC-V froundnx.h instruction +Description of problem: +According to the RISCV ISA manual, the froundnx.h instruction rounds a half-precision floating-point number in the source register to an integer and writes the integer, represented as a half-precision floating-point number, to the destination register. Because the values are stored in 64-bit width registers, they must be NaN-unboxed/boxed before/after the operation. When an input value lacks the proper form of NaN-boxing, it should be treated as a canonical NaN. +However, when an incorrectly NaN-boxed value is passed to froundnx.h, QEMU produces 0 instead of the canonical NaN. This is because there is a typo in the definition of helper_froundnx_h: +``` +// target/riscv/fpu_helper.c +uint64_t helper_froundnx_h(CPURISCVState *env, uint64_t rs1) +{ + float16 frs1 = check_nanbox_s(env, rs1); // This should be check_nanbox_h. + frs1 = float16_round_to_int(frs1, &env->fp_status); + return nanbox_h(env, frs1); +} +``` +Steps to reproduce: +1. Write `test.c`. +``` +#include <stdio.h> + +char i_F6[8] = { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }; +char o_F5[8]; + +void __attribute__ ((noinline)) show_state() { + for (int i = 0; i < 8; i++) { + printf("%02x ", o_F5[i]); + } + printf("\n"); +} + +void __attribute__ ((noinline)) run() { + __asm__ ( + "lui t5, %hi(i_F6)\n" + "addi t5, t5, %lo(i_F6)\n" + "fld ft6, 0(t5)\n" + ".insn 0x445372d3\n" // froundnx.h ft5, ft6 + "lui t5, %hi(o_F5)\n" + "addi t5, t5, %lo(o_F5)\n" + "fsd ft5, 0(t5)\n" + ); +} + +int main(int argc, char **argv) { + run(); + show_state(); + + return 0; +} +``` +2. Compile `test.bin` using this command: `riscv64-linux-gnu-gcc-12 -O2 -no-pie -march=rv64iv ./test.c -o ./test.bin`. +3. Run QEMU using this command: `qemu-riscv64 -L /usr/riscv64-linux-gnu/ ./test.bin`. +4. The program, runs on top of the buggy QEMU, prints `00 00 ff ff ff ff ff ff`. It should print `00 7e ff ff ff ff ff ff` after the bug is fixed. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2372 b/results/classifier/deepseek-r1:32b/output/instruction/2372 new file mode 100644 index 000000000..007c25eab --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2372 @@ -0,0 +1,112 @@ + + + +A bug in AArch64 UMOPA/UMOPS (4-way) instruction +Description of problem: +umopa computes the multiplication of two matrices in the source registers and accumulates the result to the destination register. A source register’s element size is 16 bits, while a destination register’s element size is 64 bits in case of the 4-way variant of this instruction. Before performing matrix multiplication, each element should be zero-extended to a 64-bit element. + +However, the current implementation of the helper function fails to convert the element type correctly. Below is the helper function implementation: +``` +// target/arm/tcg/sme_helper.c +#define DEF_IMOP_64(NAME, NTYPE, MTYPE) \ +static uint64_t NAME(uint64_t n, uint64_t m, uint64_t a, uint8_t p, bool neg) \ +{ \ + uint64_t sum = 0; \ + /* Apply P to N as a mask, making the inactive elements 0. */ \ + n &= expand_pred_h(p); \ + sum += (NTYPE)(n >> 0) * (MTYPE)(m >> 0); \ + sum += (NTYPE)(n >> 16) * (MTYPE)(m >> 16); \ + sum += (NTYPE)(n >> 32) * (MTYPE)(m >> 32); \ + sum += (NTYPE)(n >> 48) * (MTYPE)(m >> 48); \ + return neg ? a - sum : a + sum; \ +} + +DEF_IMOP_64(umopa_d, uint16_t, uint16_t) +``` +When the multiplication is performed, each element, such as `(NTYPE)(n >> 0)`, is automatically converted to `int32_t`, so the computation result has a type `int32_t`. The result is then converted to `uint64_t`, and it is added to `sum`. It seems the elements should be casted to `uint64_t` **before** performing the multiplication. +Steps to reproduce: +1. Write `test.c`. +``` +#include <stdio.h> + +char i_P1[4] = { 0xff, 0xff, 0xff, 0xff }; +char i_P5[4] = { 0xff, 0xff, 0xff, 0xff }; +char i_Z0[32] = { // Set only the first element as non-zero + 0xff, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, +}; +char i_Z20[32] = { // Set only the first element as non-zero + 0xff, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, +}; +char i_ZA2H[128] = { 0x0, }; +char o_ZA2H[128]; + +void __attribute__ ((noinline)) show_state() { + for (int i = 0; i < 8; i++) { + for (int j = 0; j < 16; j++) { + printf("%02x ", o_ZA2H[16*i+j]); + } + printf("\n"); + } +} + +void __attribute__ ((noinline)) run() { + __asm__ ( + ".arch armv9.3-a+sme\n" + "smstart\n" + "adrp x29, i_P1\n" + "add x29, x29, :lo12:i_P1\n" + "ldr p1, [x29]\n" + "adrp x29, i_P5\n" + "add x29, x29, :lo12:i_P5\n" + "ldr p5, [x29]\n" + "adrp x29, i_Z0\n" + "add x29, x29, :lo12:i_Z0\n" + "ldr z0, [x29]\n" + "adrp x29, i_Z20\n" + "add x29, x29, :lo12:i_Z20\n" + "ldr z20, [x29]\n" + "adrp x29, i_ZA2H\n" + "add x29, x29, :lo12:i_ZA2H\n" + "mov x15, 0\n" + "ld1d {za2h.d[w15, 0]}, p1, [x29]\n" + "add x29, x29, 32\n" + "ld1d {za2h.d[w15, 1]}, p1, [x29]\n" + "add x29, x29, 32\n" + "mov x15, 2\n" + "ld1d {za2h.d[w15, 0]}, p1, [x29]\n" + "add x29, x29, 32\n" + "ld1d {za2h.d[w15, 1]}, p1, [x29]\n" + ".inst 0xa1f43402\n" // umopa za2.d, p5/m, p1/m, z0.h, z20.h + "adrp x29, o_ZA2H\n" + "add x29, x29, :lo12:o_ZA2H\n" + "mov x15, 0\n" + "st1d {za2h.d[w15, 0]}, p1, [x29]\n" + "add x29, x29, 32\n" + "st1d {za2h.d[w15, 1]}, p1, [x29]\n" + "add x29, x29, 32\n" + "mov x15, 2\n" + "st1d {za2h.d[w15, 0]}, p1, [x29]\n" + "add x29, x29, 32\n" + "st1d {za2h.d[w15, 1]}, p1, [x29]\n" + "smstop\n" + ".arch armv8-a\n" + ); +} + +int main(int argc, char **argv) { + run(); + show_state(); + return 0; +} +``` +2. Compile `test.bin` using this command: `aarch64-linux-gnu-gcc-12 -O2 -no-pie ./test.c -o ./test.bin`. +3. Run `QEMU` using this command: `qemu-aarch64 -L /usr/aarch64-linux-gnu/ -cpu max,sme256=on ./test.bin`. +4. The program, runs on top of the buggy QEMU, prints the first 8 bytes of `ZA2H` as `01 00 fe ff ff ff ff ff`. It should print `01 00 fe ff 00 00 00 00` after the bug is fixed. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2373 b/results/classifier/deepseek-r1:32b/output/instruction/2373 new file mode 100644 index 000000000..57a05a745 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2373 @@ -0,0 +1,98 @@ + + + +A bug in AArch64 FMOPA/FMOPS (widening) instruction +Description of problem: +fmopa computes the multiplication of two matrices in the source registers and accumulates the result to the destination register. A source register’s element size is 16 bits, while a destination register’s element size is 64 bits in the case of widening variant of this instruction. Before the matrix multiplication is performed, each element should be converted to a 64-bit floating point. FPCR flags are considered when converting floating point values. Especially, when the FZ (or FZ16) flag is set, denormalized values are converted into zero. When the floating point size is 16 bits, FZ16 should be considered; otherwise, FZ flag should be used. + +However, the current implementation only considers FZ flag, not FZ16 flag, so it computes the wrong value. +Steps to reproduce: +1. Write `test.c`. +``` +#include <stdio.h> + +char i_P2[4] = { 0xff, 0xff, 0xff, 0xff }; +char i_P5[4] = { 0xff, 0xff, 0xff, 0xff }; +char i_Z0[32] = { // Set only the first element as non-zero + 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, +}; +char i_Z16[32] = { // Set only the first element as non-zero + 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, +}; +char i_ZA3H[128] = { 0x0, }; +uint64_t i_fpcr = 0x0001000000; // FZ = 1; +char o_ZA3H[128]; + +void __attribute__ ((noinline)) show_state() { + for (int i = 0; i < 8; i++) { + for (int j = 0; j < 16; j++) { + printf("%02x ", o_ZA3H[16*i+j]); + } + printf("\n"); + } +} + +void __attribute__ ((noinline)) run() { + __asm__ ( + ".arch armv9.3-a+sme\n" + "smstart\n" + "adrp x29, i_P2\n" + "add x29, x29, :lo12:i_P2\n" + "ldr p2, [x29]\n" + "adrp x29, i_P5\n" + "add x29, x29, :lo12:i_P5\n" + "ldr p5, [x29]\n" + "adrp x29, i_Z0\n" + "add x29, x29, :lo12:i_Z0\n" + "ldr z0, [x29]\n" + "adrp x29, i_Z16\n" + "add x29, x29, :lo12:i_Z16\n" + "ldr z16, [x29]\n" + "adrp x29, i_ZA3H\n" + "add x29, x29, :lo12:i_ZA3H\n" + "mov x15, 0\n" + "ld1w {za3h.s[w15, 0]}, p2, [x29]\n" + "add x29, x29, 32\n" + "ld1w {za3h.s[w15, 1]}, p2, [x29]\n" + "add x29, x29, 32\n" + "mov x15, 2\n" + "ld1w {za3h.s[w15, 0]}, p2, [x29]\n" + "add x29, x29, 32\n" + "ld1w {za3h.s[w15, 1]}, p2, [x29]\n" + "adrp x29, i_fpcr\n" + "add x29, x29, :lo12:i_fpcr\n" + "ldr x29, [x29]\n" + "msr fpcr, x29\n" + ".inst 0x81a0aa03\n" // fmopa za3.s, p2/m, p5/m, z16.h, z0.h + "adrp x29, o_ZA3H\n" + "add x29, x29, :lo12:o_ZA3H\n" + "mov x15, 0\n" + "st1w {za3h.s[w15, 0]}, p2, [x29]\n" + "add x29, x29, 32\n" + "st1w {za3h.s[w15, 1]}, p2, [x29]\n" + "add x29, x29, 32\n" + "mov x15, 2\n" + "st1w {za3h.s[w15, 0]}, p2, [x29]\n" + "add x29, x29, 32\n" + "st1w {za3h.s[w15, 1]}, p2, [x29]\n" + ".arch armv8-a\n" + ); +} + +int main(int argc, char **argv) { + run(); + show_state(); + return 0; +} +``` +2. Compile `test.bin` using this command: `aarch64-linux-gnu-gcc-12 -O2 -no-pie ./test.c -o ./test.bin`. +3. Run QEMU using this command: `qemu-aarch64 -L /usr/aarch64-linux-gnu/ -cpu max,sme256=on ./test.bin`. +4. The program, runs on top of the buggy QEMU, prints only zero bytes. It should print `00 01 7e 2f + 00 .. (rest of bytes) .. 00` after the bug is fixed. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2374 b/results/classifier/deepseek-r1:32b/output/instruction/2374 new file mode 100644 index 000000000..3b6a0325a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2374 @@ -0,0 +1,114 @@ + + + +A bug in AArch64 FMOPA/FMOPS (non-widening) instruction +Description of problem: +fmopa computes the multiplication of two matrices in the source registers and accumulates the result to the destination register. Depending on the instruction encoding, the element size of operands is either 32 bits or 64 bits. When the computation produces a NaN as a result, the default NaN should be generated. + +However, the current implementation of 32-bit variant of this instruction does not generate default NaNs, because invalid float_status pointer is passed: +``` +// target/arm/tcg/sme_helper.c +void HELPER(sme_fmopa_s)(void *vza, void *vzn, void *vzm, void *vpn, + void *vpm, void *vst, uint32_t desc) +{ +... + float_status fpst; + + /* + * Make a copy of float_status because this operation does not + * update the cumulative fp exception status. It also produces + * default nans. + */ + fpst = *(float_status *)vst; + set_default_nan_mode(true, &fpst); + +... + *a = float32_muladd(n, *m, *a, 0, vst); // &fpst should be used +... +} +``` +Steps to reproduce: +1. Write `test.c`. +``` +#include <stdio.h> + +char i_P0[4] = { 0xff, 0xff, 0xff, 0xff }; +char i_P6[4] = { 0xff, 0xff, 0xff, 0xff }; +char i_Z9[32] = { // Set only the first element as NaN, but it is not default NaN. + 0xff, 0xff, 0xff, 0xff, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, +}; +char i_Z27[32] = { + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, + 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, +}; +char i_ZA1H[128] = { 0x0, }; +char o_ZA1H[128]; + +void __attribute__ ((noinline)) show_state() { + for (int i = 0; i < 8; i++) { + for (int j = 0; j < 16; j++) { + printf("%02x ", o_ZA1H[16*i+j]); + } + printf("\n"); + } +} + +void __attribute__ ((noinline)) run() { + __asm__ ( + ".arch armv9.3-a+sme\n" + "smstart\n" + "adrp x29, i_P0\n" + "add x29, x29, :lo12:i_P0\n" + "ldr p0, [x29]\n" + "adrp x29, i_P6\n" + "add x29, x29, :lo12:i_P6\n" + "ldr p6, [x29]\n" + "adrp x29, i_Z9\n" + "add x29, x29, :lo12:i_Z9\n" + "ldr z9, [x29]\n" + "adrp x29, i_Z27\n" + "add x29, x29, :lo12:i_Z27\n" + "ldr z27, [x29]\n" + "adrp x29, i_ZA1H\n" + "add x29, x29, :lo12:i_ZA1H\n" + "mov x15, 0\n" + "ld1w {za1h.s[w15, 0]}, p0, [x29]\n" + "add x29, x29, 32\n" + "ld1w {za1h.s[w15, 1]}, p0, [x29]\n" + "add x29, x29, 32\n" + "mov x15, 2\n" + "ld1w {za1h.s[w15, 0]}, p0, [x29]\n" + "add x29, x29, 32\n" + "ld1w {za1h.s[w15, 1]}, p0, [x29]\n" + ".inst 0x809bc121\n" // fmopa za1.s, p0/m, p6/m, z9.s, z27.s + "adrp x29, o_ZA1H\n" + "add x29, x29, :lo12:o_ZA1H\n" + "mov x15, 0\n" + "st1w {za1h.s[w15, 0]}, p0, [x29]\n" + "add x29, x29, 32\n" + "st1w {za1h.s[w15, 1]}, p0, [x29]\n" + "add x29, x29, 32\n" + "mov x15, 2\n" + "st1w {za1h.s[w15, 0]}, p0, [x29]\n" + "add x29, x29, 32\n" + "st1w {za1h.s[w15, 1]}, p0, [x29]\n" + ".arch armv8-a\n" + ); +} + +int main(int argc, char **argv) { + run(); + show_state(); + return 0; +} +``` +2. Compile `test.bin` using this command: `aarch64-linux-gnu-gcc-12 -O2 -no-pie ./test.c -o ./test.bin`. +3. Run QEMU using this command: `qemu-aarch64 -L /usr/aarch64-linux-gnu/ -cpu max,sme256=on ./test.bin`. +4. The program, runs on top of the buggy QEMU, prints 8 non-default NaNs (ff ff ff ff). It should print 8 default NaNs (00 00 c0 7f) after the bug is fixed. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2375 b/results/classifier/deepseek-r1:32b/output/instruction/2375 new file mode 100644 index 000000000..68c073b1b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2375 @@ -0,0 +1,88 @@ + + + +A bug in AArch64 FJCVTZS instruction +Description of problem: +fjcvtzs instruction converts a double-precision floating-point value in the source register into a 32-bit signed integer, and stores the result in the destination register. The contents of the FPCR register influence the exception result. Especially, when FPCR.FZ (Flushing denormalized numbers to Zero) is set and an input is a denormalized number, the PSTATE.Z flag should be cleared even if the conversion result is zero. + +However, because the helper function for this instruction does not properly check the denormalized case, the Z flag will have an incorrect value: +``` +// target/arm/vfp_helper.c +uint64_t HELPER(fjcvtzs)(float64 value, void *vstatus) +{ + float_status *status = vstatus; + uint32_t inexact, frac; + uint32_t e_old, e_new; + + e_old = get_float_exception_flags(status); + set_float_exception_flags(0, status); + frac = float64_to_int32_modulo(value, float_round_to_zero, status); + e_new = get_float_exception_flags(status); + set_float_exception_flags(e_old | e_new, status); + + if (value == float64_chs(float64_zero)) { + /* While not inexact for IEEE FP, -0.0 is inexact for JavaScript. */ + inexact = 1; + } else { + /* Normal inexact or overflow or NaN */ + inexact = e_new & (float_flag_inexact | float_flag_invalid); // float_flag_input_denormal should also be checked. + } + + /* Pack the result and the env->ZF representation of Z together. */ + return deposit64(frac, 32, 32, inexact); +} +``` +Steps to reproduce: +1. Write `test.c`. +``` +#include <stdint.h> +#include <stdio.h> +#include <string.h> + +char i_D27[8] = { 0x0, 0xff, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0 }; +uint64_t i_fpcr = 0x01000000; // FZ = 1; +char o_X28[8]; +uint64_t o_nzcv; + +void __attribute__ ((noinline)) show_state() { + char Z = ((o_nzcv >> 30) & 1); + + printf("PSTATE.Z: %d\n", Z); + printf("X28: "); + for (int i = 0; i < 8; i++) { + printf("%02x ", o_X28[i]); + } + printf("\n"); +} + +void __attribute__ ((noinline)) run() { + __asm__ ( + "adrp x29, i_D27\n" + "add x29, x29, :lo12:i_D27\n" + "ldr d27, [x29]\n" + "adrp x29, i_fpcr\n" + "add x29, x29, :lo12:i_fpcr\n" + "ldr x29, [x29]\n" + "msr fpcr, x29\n" + ".inst 0x1e7e037c\n" // fjcvtzs w28, d27 + "mrs x26, nzcv\n" + "adrp x29, o_nzcv\n" + "add x29, x29, :lo12:o_nzcv\n" + "str x26, [x29]\n" + "adrp x29, o_X28\n" + "add x29, x29, :lo12:o_X28\n" + "str x28, [x29]\n" + ); +} + +int main(int argc, char **argv) { + run(); + show_state(); + return 0; +} +``` +2. Compile `test.bin` using this command: `aarch64-linux-gnu-gcc-12 -O2 -no-pie ./test.c -o ./test.bin`. +3. Run QEMU using this command: `qemu-aarch64 -L /usr/aarch64-linux-gnu/ ./test.bin`. +4. The program, runs on top of the buggy QEMU, prints the value of Z as `01`. It should print `00` after the bug is fixed. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2376 b/results/classifier/deepseek-r1:32b/output/instruction/2376 new file mode 100644 index 000000000..2f1d3c564 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2376 @@ -0,0 +1,117 @@ + + + +A bug in ARM VCMLA.f16/VCMLA.f32 instructions +Description of problem: +The vcmla instruction performs complex-number operations on the vector registers. There is a bug in which this instruction modifies the contents of an irrelevant vector register. + +The reason is simple out-of-bound; the helper functions should correctly check the number of modified elements: +``` +// target/arm/tcg/vec_helper.c +void HELPER(gvec_fcmlah_idx)(void *vd, void *vn, void *vm, void *va, + void *vfpst, uint32_t desc) +{ + uintptr_t opr_sz = simd_oprsz(desc); + float16 *d = vd, *n = vn, *m = vm, *a = va; + float_status *fpst = vfpst; + intptr_t flip = extract32(desc, SIMD_DATA_SHIFT, 1); + uint32_t neg_imag = extract32(desc, SIMD_DATA_SHIFT + 1, 1); + intptr_t index = extract32(desc, SIMD_DATA_SHIFT + 2, 2); + uint32_t neg_real = flip ^ neg_imag; + intptr_t elements = opr_sz / sizeof(float16); + intptr_t eltspersegment = 16 / sizeof(float16); // This should be fixed; + intptr_t i, j; + + ... +} + +... + +void HELPER(gvec_fcmlas_idx)(void *vd, void *vn, void *vm, void *va, + void *vfpst, uint32_t desc) +{ + uintptr_t opr_sz = simd_oprsz(desc); + float32 *d = vd, *n = vn, *m = vm, *a = va; + float_status *fpst = vfpst; + intptr_t flip = extract32(desc, SIMD_DATA_SHIFT, 1); + uint32_t neg_imag = extract32(desc, SIMD_DATA_SHIFT + 1, 1); + intptr_t index = extract32(desc, SIMD_DATA_SHIFT + 2, 2); + uint32_t neg_real = flip ^ neg_imag; + intptr_t elements = opr_sz / sizeof(float32); + intptr_t eltspersegment = 16 / sizeof(float32); // This should be fixed; + intptr_t i, j; + + ... +} +``` +Steps to reproduce: +1. Write `test.c`. +``` +#include <stdint.h> +#include <stdio.h> +#include <string.h> + +// zero inputs should produce zero output +char i_D4[8] = { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }; +char i_D8[8] = { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }; +char i_D30[8] = { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }; +char i_D31[8] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; // this should never be touched +char o_D30[8]; +char o_D31[8]; + +void __attribute__ ((noinline)) show_state() { + printf("D30: "); + for (int i = 0; i < 8; i++) { + printf("%02x ", o_D30[i]); + } + printf("\n"); + printf("D31: "); + for (int i = 0; i < 8; i++) { + printf("%02x ", o_D31[i]); + } + printf("\n"); +} + +void __attribute__ ((noinline)) run() { + __asm__ ( + "movw r7, #:lower16:i_D4\n" + "movt r7, #:upper16:i_D4\n" + "vldr d4, [r7]\n" + "movw r7, #:lower16:i_D8\n" + "movt r7, #:upper16:i_D8\n" + "vldr d8, [r7]\n" + "movw r7, #:lower16:i_D30\n" + "movt r7, #:upper16:i_D30\n" + "vldr d30, [r7]\n" + "movw r7, #:lower16:i_D31\n" + "movt r7, #:upper16:i_D31\n" + "vldr d31, [r7]\n" + "adr r7, Lbl_thumb + 1\n" + "bx r7\n" + ".thumb\n" + "Lbl_thumb:\n" + ".inst 0xfed8e804\n" // vcmla.f32 d30, d8, d4[0], #90 + "adr r7, Lbl_arm\n" + "bx r7\n" + ".arm\n" + "Lbl_arm:\n" + "movw r7, #:lower16:o_D30\n" + "movt r7, #:upper16:o_D30\n" + "vstr d30, [r7]\n" + "movw r7, #:lower16:o_D31\n" + "movt r7, #:upper16:o_D31\n" + "vstr d31, [r7]\n" + ); +} + +int main(int argc, char **argv) { + run(); + show_state(); + return 0; +} +``` +2. Compile `test.bin` using this command: `arm-linux-gnueabihf-gcc-12 -O2 -no-pie -marm -march=armv7-a+vfpv4 ./test.c -o ./test.bin`. +3. Run QEMU using this command: `qemu-arm -L /usr/arm-linux-gnueabihf/ ./test.bin`. +4. The program, runs on top of the buggy QEMU, prints the value of D31 as `00 00 c0 7f 00 00 c0 7f`. It should print `ff ff ff ff ff ff ff ff` after the bug is fixed. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2386 b/results/classifier/deepseek-r1:32b/output/instruction/2386 new file mode 100644 index 000000000..e62e288cb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2386 @@ -0,0 +1,46 @@ + + + +RISCV - Incorrect behaviour of the SLL instruction +Description of problem: +`SLL` (and probably other similar instructions) produce incorrect results. To quote the [RISCV ISA manual](https://drive.google.com/file/d/1uviu1nH-tScFfgrovvFCrj7Omv8tFtkp/view): + +> SLL, SRL, and SRA perform logical left, logical right, and arithmetic right shifts on the value in register +rs1 by the shift amount held in the lower 5 bits of register rs2. + +This instruction should perform a logical shift left by the shift amount from the lower 5 bits held in the third operand, however, it doesn't seem to be the case. As can be seen from the result of the snippet below: `55c3585000000000`, it seems that it calculates the correct value, but then shifts it by another 32 bits to the left: + +```python +correct_shift_res = (0xDB4D6868655C3585 << (0x69C99AB9B9401024 & 0b11111)) & (2 ** 64 - 1) +incorrect_qemu_produced = (correct_shift_res << 32) & (2 ** 64 - 1) +``` +Steps to reproduce: +1. Compile the attached source file: `riscv64-linux-gnu-gcc -static repro.c -o ./repro.elf` + +```c +#include <stdint.h> +#include <stdio.h> + +int main() { + uint64_t a = 0x69C99AB9B9401024; + uint64_t b = 0xDB4D6868655C3585; + uint64_t c; + + asm volatile("sll %0, %1, %2" : "=r"(c) : "r"(b), "r"(a)); + + printf("s8 : %lx\n", c); + printf("expected: %lx\n", 0xb4d6868655c35850); + + return 0; +} +``` + +2. Run qemu: `./qemu-riscv64 ./repro.elf` +3. You will see the output and what the result of the computation should really be: + +``` +s8 : 55c3585000000000 +expected: b4d6868655c35850 +``` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2419 b/results/classifier/deepseek-r1:32b/output/instruction/2419 new file mode 100644 index 000000000..e3b6e57cc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2419 @@ -0,0 +1,21 @@ + + + +ldapr_stlr_i instructions doesn't consider signed offset +Description of problem: +The format ldapr_stlr_i models the load acquire / store release immediate instructions. \ +These instructions has a bug in the sign extension calculation of the imm field. \ +imm should be defined as s9 instead of 9. + +@ldapr_stlr_i .. ...... .. . imm:9 .. rn:5 rt:5 &ldapr_stlr_i + +Should be changed to: + +@ldapr_stlr_i .. ...... .. . imm:s9 .. rn:5 rt:5 &ldapr_stlr_i +Steps to reproduce: +1. Run ARM target +2. Generate any ldapr_stlr_i instructions (for example: LDAPUR) +3. When the imm value is negative, the immediate calculation is done wrong. In case the calculation leads to an undefined location, QEMU will fail. +Additional information: +In trans_LDAPR_i (translate-a64.c), when imm field is negative, the value of a->imm will be 512-x instead of x. \ +I already fixed the issue by adding the s9 to the imm field. This made a call to sextend32 for imm instead of extend32 in the generated file build/libqemu-aarch64-softmmu.fa.p/decode-a64.c.inc diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2422 b/results/classifier/deepseek-r1:32b/output/instruction/2422 new file mode 100644 index 000000000..b3ada641f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2422 @@ -0,0 +1,72 @@ + + + +`vill` not set after reserved `vsetvli` instruction usage +Description of problem: +The ["AVL encoding" section of the RISC-V V Spec 1.0](https://github.com/riscv/riscv-isa-manual/blob/main/src/v-st-ext.adoc#avl-encoding) states that a `vsetvli x0,x0,...` that changes VLMAX is reserved and "Implementations may set `vill`" in this case. QEMU does not set `vill` in this case. Doing so would help detect code generation issues and non-portable code. + +Here is the quote from the spec: + +> When `rs1=x0` and `rd=x0`, the instruction operates as if the current +> vector length in `vl` is used as the AVL, and the resulting value is +> written to `vl`, but not to a destination register. This form can +> only be used when VLMAX and hence `vl` is not actually changed by the +> new SEW/LMUL ratio. Use of the instruction with a new SEW/LMUL ratio +> that would result in a change of VLMAX is reserved. +> Use of the instruction is also reserved if `vill` was 1 beforehand. +> Implementations may set `vill` in either case. + +Note, I have not checked QEMU's behaviour for the other case mentioned in the quote: "Use of the instruction is also reserved if `vill` was 1 beforehand". +Steps to reproduce: +1. Create `test.c` +```C +#include <assert.h> + +/* Position of vill in vtype. */ + +#define VILL_BIT (__riscv_xlen - 1) + +/* Return true if vill is 1. */ + +int vill_set_p () +{ + __UINT64_TYPE__ vtype; + asm volatile ("csrr %0, vtype" : "=r"(vtype)); + + return (vtype >> VILL_BIT) & 1; +} + +/* Return true if vill is 0. */ + +int vill_clear_p () +{ + return !vill_set_p (); +} + +int main () +{ + int vl; + + assert (vill_clear_p ()); + + /* Valid: vl = VLMAX. */ + asm volatile ("vsetvli %0,zero,e64,m8,ta,ma\n" : "=r"(vl)); + assert (vill_clear_p ()); + + /* Valid: vl and VLMAX not changed. */ + asm volatile ("vsetvli zero,zero,e64,m8,ta,ma\n"); + assert (vill_clear_p ()); + + /* Reserved: Reduce VLMAX. */ + asm volatile ("vsetvli zero,zero,e64,m1,ta,ma\n"); + assert (vill_set_p ()); + + return 0; +} +``` +2. Build `test.c` with `riscv32-unknown-elf-gcc test.c -o test -march=rv64gcv -mabi=lp64d` +3. Run qemu with `qemu-riscv64 -cpu rv64,v=true test` +4. The final assertion fails because executing the reserved `vsetvli` did not set `vill` +``` +assertion "vill_set_p ()" failed: file "test.c", line 40, function: main +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2474 b/results/classifier/deepseek-r1:32b/output/instruction/2474 new file mode 100644 index 000000000..9a7c3f996 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2474 @@ -0,0 +1,99 @@ + + + +x86_64: strange translation of "vpgatherqq" +Description of problem: +The translate of instruction "vpgatherqq" is confusing. + +It happens when register xmm4 is in the middle, like "vpgatherqq %xmmi,0x0(,%xmm4,1),%xmmj". +Steps to reproduce: +1. Make a simple embedded assembly code named test.c: +``` +int main() +{ + asm("vpgatherqq %xmm6,0x123(,%xmm2,4),%xmm7"); + asm("vpgatherqq %xmm6,0x123(,%xmm3,4),%xmm7"); + asm("vpgatherqq %xmm6,0x123(,%xmm4,4),%xmm7"); + asm("vpgatherqq %xmm6,0x123(,%xmm5,4),%xmm7"); + return 0; +} +``` +and compile it: +``` +gcc -o test test.c -static +``` + +2. Run it with QEMU, print the micro ops: +``` +qemu-x86_64 -d op -D a.out test +``` +We can get output like this (only contain vpgatherqq): +``` + ---- 000000000040174d 0000000000000000 + mov_i64 loc2,$0x123 + add_i64 loc14,env,$0x3d0 #This is xmm2 + add_i64 loc16,env,$0x4d0 + add_i64 loc18,env,$0x510 + call vpgatherqq_xmm,$0x0,$0,env,loc18,loc16,loc14,loc2,$0x2 + mov_vec v128,e8,tmp20,v128$0x0 + st_vec v128,e8,tmp20,env,$0x4e0 + mov_vec v128,e8,tmp22,v128$0x0 + st_vec v128,e8,tmp22,env,$0x520 + + ---- 0000000000401757 0000000000000000 + mov_i64 loc2,$0x123 + add_i64 loc23,env,$0x410 #This is xmm3 + add_i64 loc25,env,$0x4d0 + add_i64 loc26,env,$0x510 + call vpgatherqq_xmm,$0x0,$0,env,loc26,loc25,loc23,loc2,$0x2 + mov_vec v128,e8,tmp27,v128$0x0 + st_vec v128,e8,tmp27,env,$0x4e0 + mov_vec v128,e8,tmp28,v128$0x0 + st_vec v128,e8,tmp28,env,$0x520 + + ---- 0000000000401761 0000000000000000 + mov_i64 loc2,$0x123 + add_i64 loc29,env,$0x310 #This is xmm4 ??? + add_i64 loc31,env,$0x4d0 + add_i64 loc32,env,$0x510 + call vpgatherqq_xmm,$0x0,$0,env,loc32,loc31,loc29,loc2,$0x2 + mov_vec v128,e8,tmp33,v128$0x0 + st_vec v128,e8,tmp33,env,$0x4e0 + mov_vec v128,e8,tmp34,v128$0x0 + st_vec v128,e8,tmp34,env,$0x520 + + ---- 000000000040176b 0000000000000000 + mov_i64 loc2,$0x123 + add_i64 loc35,env,$0x490 #This is xmm5 + add_i64 loc37,env,$0x4d0 + add_i64 loc38,env,$0x510 + call vpgatherqq_xmm,$0x0,$0,env,loc38,loc37,loc35,loc2,$0x2 + mov_vec v128,e8,tmp39,v128$0x0 + st_vec v128,e8,tmp39,env,$0x4e0 + mov_vec v128,e8,tmp40,v128$0x0 + st_vec v128,e8,tmp40,env,$0x520 +``` +3. + +Since the register xmms are continuous within the structure CPUArchState, the offset of xmm2, xmm3, xmm4, xmm5 should be a arithmetic sequence. + +From the output, we can infer that the common difference should be 0x40 and the offset of xmm4 should be 0x450 but not 0x310. + +I used GDB to track it, the location where the change occurred is: + +target/i386/tcg/translate.c, gen_lea_modrm_0(), line 2215: +``` + if (rm == 4) { + int code = x86_ldub_code(env, s); + scale = (code >> 6) & 3; + index = ((code >> 3) & 7) | REX_X(s); + if (index == 4) { + index = -1; /* no index */ + } + base = (code & 7) | REX_B(s); + havesib = 1; + } +``` +This code turned 4 into -1, and -1 do explain the offset 0x310 (xmm0 has offset 0x350). +Additional information: +Monitoring the function "helper_vpgatherqq_xmm" can draw similar conclusions: it used wrong value but not xmm4. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2483 b/results/classifier/deepseek-r1:32b/output/instruction/2483 new file mode 100644 index 000000000..7c0fba74f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2483 @@ -0,0 +1,23 @@ + + + +m68k: jsr (sp) doesn't work as expected +Description of problem: +Consider the following code (disassembly from ghidra). This copies the current `SP` to `A1` then copies 0x68 bytes from the address pointed at by `A0` to the address pointed at by `A1` with increment. This should end up with a copy of some bytes and `SP` pointing at the first. + +``` + ff8241e6 22 4f movea.l SP,A1 + ff8241e8 70 68 moveq #0x68,D0 + LAB_ff8241ea XREF[1]: ff8241ee(j) + ff8241ea 12 d8 move.b (A0)+,(A1)+ + ff8241ec 53 80 subq.l #0x1,D0 + ff8241ee 66 fa bne.b LAB_ff8241ea + ff8241f0 4e 97 jsr (SP) +``` + +`SP` is `0x3bfc` at the `jsr` so we'd expect to jump to `0x3bfc` and put the address to return to at `0x3bf8` so the `jsr` can return I think? +What currently happens in QEMU is the return address is put at `0xb3f8` and `PC` also becomes `0x3bf8` and the return address starts being executed as code and things go off the rails. + +Forgive the screenshot but this is what it looks like with GDB connected. Dumping the memory where the `PC` is shows that the return address is actually there and we can see there is garbage before the instructions it should be executing. + +{width=289 height=759} diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2487 b/results/classifier/deepseek-r1:32b/output/instruction/2487 new file mode 100644 index 000000000..c5d0c2770 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2487 @@ -0,0 +1,71 @@ + + + +qemu-x86_64: qemu/tcg/ppc/tcg-target.c.inc:1777:tcg_out_test: code should not be reached +Description of problem: +Using this basic test file: + +```c +int +main (void) +{ + return 0; +} +``` + +compiled into a static executable using an x86_64 toolchain (glibc or musl both tested), + +``` +gwyn ~/qemu-bug # file test1 +test1: ELF 64-bit LSB pie executable, x86-64, version 1 (SYSV), static-pie linked, with debug_info, not stripped + +gwyn ~/qemu-bug # file test2 +test2: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, BuildID[sha1]=276dc49ee7cbd3b760e24761bf9fb9e1cc4b4349, for GNU/Linux 3.2.0, not stripped +``` + +Using QEMU from 15957eb9efe2da67c796612cead95cba28ba9bda or newer: + +``` +gwyn ~/qemu-bug # ../emus-ppc64/bin/qemu-x86_64 --version +qemu-x86_64 version 9.0.50 (v9.0.0-521-g15957eb9ef-dirty) +Copyright (c) 2003-2024 Fabrice Bellard and the QEMU Project developers +``` + +QEMU crashes: + +``` +gwyn ~/qemu-bug # ../emus-ppc64/bin/qemu-x86_64 ./test2 +** +ERROR:/root/qemu/tcg/ppc/tcg-target.c.inc:1777:tcg_out_test: code should not be reached +Bail out! ERROR:/root/qemu/tcg/ppc/tcg-target.c.inc:1777:tcg_out_test: code should not be reached +Aborted +``` +Steps to reproduce: +1. Build QEMU user for ppc64 (may affect other hosts) using commit 15957eb9efe2da67c796612cead95cba28ba9bda or newer. +2. Run any simple x86_64 executable. +3. Observe the crash. +Additional information: +Bisected to here: + +``` +commit 15957eb9efe2da67c796612cead95cba28ba9bda +Author: Paolo Bonzini <pbonzini@redhat.com> +Date: Fri Oct 27 05:57:31 2023 +0200 + + target/i386: use TSTEQ/TSTNE to test low bits + + When testing the sign bit or equality to zero of a partial register, it + is useful to use a single TSTEQ or TSTNE operation. It can also be used + to test the parity flag, using bit 0 of the population count. + + Do not do this for target_ulong-sized values however; the optimizer would + produce a comparison against zero anyway, and it avoids shifts by 64 + which are undefined behavior. + + Reviewed-by: Richard Henderson <richard.henderson@linaro.org> + Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> + + target/i386/tcg/emit.c.inc | 5 ++--- + target/i386/tcg/translate.c | 28 ++++++++++++++++++++-------- + 2 files changed, 22 insertions(+), 11 deletions(-) +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2495 b/results/classifier/deepseek-r1:32b/output/instruction/2495 new file mode 100644 index 000000000..2ba714012 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2495 @@ -0,0 +1,75 @@ + + + +A bug in x86-64 MMX instructions +Description of problem: +It seems QEMU emits invalid TCG when lifting MMX instructions with redundant REX prefixes. For example, when lifting `490f7ec0 (movq r8, mm0)`, QEMU generates the following valid TCG. + +``` + ---- 00000000004011f2 0000000000000000 + call enter_mmx,$0x0,$0,env + ld_i64 loc0,env,$0x270 + mov_i64 r8,loc0 + mov_i64 rip,$0x4011f6 + exit_tb $0x0 + set_label $L0 + exit_tb $0x7f84f82ec143 +``` + +However, after changing the value of the rex prefix to `4f` , so the instruction becomes `4f0f7ec0 (rex.WRXB movq r8, mm0)`, the lifted TCG is changed to: + +``` + ---- 00000000004011f2 0000000000000000 + call enter_mmx,$0x0,$0,env + ld_i64 loc0,env,$0x2f0 // The offset to MM0 is changed + mov_i64 r8,loc0 + mov_i64 rip,$0x4011f6 + exit_tb $0x0 + set_label $L0 + exit_tb $0x7f98e82ec143 +``` + +I have observed this bug in numerous MMX instructions. For example, `410fdaff (rex.B pminub mm7, mm7)` is lifted to the wrong TCGs. + +It seems this bug looks similar to #2474. +Steps to reproduce: +1. Write `test.c` +``` +#include <stdint.h> +#include <stdio.h> +#include <string.h> + +uint8_t i_R8[8] = { 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0 }; +uint8_t i_MM0[8] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }; +uint8_t o_R8[8]; + +void __attribute__ ((noinline)) show_state() { + printf("R8: "); + for (int i = 0; i < 8; i++) { + printf("%02x ", o_R8[i]); + } + printf("\n"); +} + +void __attribute__ ((noinline)) run() { + __asm__ ( + ".intel_syntax noprefix\n" + "mov r8, qword ptr [rip + i_R8]\n" + "movq mm0, qword ptr [rip + i_MM0]\n" + ".byte 0x4f, 0x0f, 0x7e, 0xc0\n" + "mov qword ptr [rip + o_R8], r8\n" + ".att_syntax\n" + ); +} + +int main(int argc, char **argv) { + run(); + show_state(); + return 0; +} +``` +2. Compile `test.bin` using this command: `gcc-12 -O2 -no-pie ./test.c -o ./test.bin` +3. Run QEMU using this command: `qemu-x86_64 ./test.bin` +4. The program, runs on top of the buggy QEMU, prints the value of R8 as `00 00 00 00 00 00 00 00`. It should print `ff ff ff ff ff ff ff ff` after the bug is fixed. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2497 b/results/classifier/deepseek-r1:32b/output/instruction/2497 new file mode 100644 index 000000000..92bc09806 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2497 @@ -0,0 +1,6 @@ + + + +m68k: fpu: FPIAR register is not implemented +Description of problem: +QEMU doesn't currently implement the `FPIAR` register in the FPU which is fine in most cases but test code (like that in 147bug) that is testing if instructions like `fmove` are working correctly by writing to the register and reading it back don't get the value written when reading it back and detect a failure. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2498 b/results/classifier/deepseek-r1:32b/output/instruction/2498 new file mode 100644 index 000000000..bf51612fa --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2498 @@ -0,0 +1,54 @@ + + + +m68k: fpu: fmovem with multiple control registers has incorrect in memory order +Description of problem: +It looks like the order of reading/writing registers is currently incorrect for `fmovem` with multiple fpu control registers. + +According to the manual: + +``` +The +registers are always moved in the same order, regardless of the addressing mode +used; the floating-point control register is moved first, followed by the floating-point +status register, and the floating-point instruction address register is moved last. +``` + +Current QEMU reads/writes them in the reverse order which is fine for most things but the test cases in 147bug compare against data that is in its binary and expects the data generated in memory by the CPU to match what is in it's binary. + +Maybe something like this is needed: + +``` diff +commit 466e8ead0115b6535e89aa2715f171112444b294 (HEAD -> m68kdt) +Author: Daniel Palmer <daniel@thingy.jp> +Date: Tue Aug 13 09:52:54 2024 +0900 + + fix fmovem ordering + +diff --git a/target/m68k/translate.c b/target/m68k/translate.c +index 92dc9d8563..64ff2df06e 100644 +--- a/target/m68k/translate.c ++++ b/target/m68k/translate.c +@@ -4924,8 +4924,8 @@ static void gen_op_fmove_fcr(CPUM68KState *env, DisasContext *s, + */ + + if (is_write && mode == 4) { +- for (i = 2; i >= 0; i--, mask >>= 1) { +- if (mask & 1) { ++ for (i = 2; i >= 0; i--, mask <<= 1) { ++ if (mask & 0b100) { + gen_qemu_store_fcr(s, addr, 1 << i); + if (mask != 1) { + tcg_gen_subi_i32(addr, addr, opsize_bytes(OS_LONG)); +@@ -4934,8 +4934,8 @@ static void gen_op_fmove_fcr(CPUM68KState *env, DisasContext *s, + } + tcg_gen_mov_i32(AREG(insn, 0), addr); + } else { +- for (i = 0; i < 3; i++, mask >>= 1) { +- if (mask & 1) { ++ for (i = 2; i >= 0; i--, mask <<= 1) { ++ if (mask & 0b100) { + if (is_write) { + gen_qemu_store_fcr(s, addr, 1 << i); + } else { +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2499 b/results/classifier/deepseek-r1:32b/output/instruction/2499 new file mode 100644 index 000000000..f6bfb80d5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2499 @@ -0,0 +1,33 @@ + + + +m68k: fpu: fsave/frestore should be enabled for 68020/68030 +Description of problem: +valid 68020/68030 code can use `fsave`/`frestore` instructions to save/restore the state of an external 68881/68882 but currently QEMU only allows these instructions on 68040 and everyone else gets an f-line exception. + +I guess something like this to allow frestore/fsave. m68k programmers reference manual says they are 68881/68882/68040 and there don's seem to be any differences. + +``` diff +diff --git a/target/m68k/translate.c b/target/m68k/translate.c +index d5d2322329..92dc9d8563 100644 +--- a/target/m68k/translate.c ++++ b/target/m68k/translate.c +@@ -5455,7 +5455,7 @@ DISAS_INSN(frestore) + gen_exception(s, s->base.pc_next, EXCP_PRIVILEGE); + return; + } +- if (m68k_feature(s->env, M68K_FEATURE_M68040)) { ++ if (m68k_feature(s->env, M68K_FEATURE_FPU)) { + SRC_EA(env, addr, OS_LONG, 0, NULL); + /* FIXME: check the state frame */ + } else { +@@ -5472,7 +5472,7 @@ DISAS_INSN(fsave) + return; + } + +- if (m68k_feature(s->env, M68K_FEATURE_M68040)) { ++ if (m68k_feature(s->env, M68K_FEATURE_FPU)) { + /* always write IDLE */ + TCGv idle = tcg_constant_i32(0x41000000); + DEST_EA(env, insn, OS_LONG, idle, NULL); +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2500 b/results/classifier/deepseek-r1:32b/output/instruction/2500 new file mode 100644 index 000000000..a23fcaed6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2500 @@ -0,0 +1,7 @@ + + + +m68k: mmu: 68030 mmu instructions are missing +Description of problem: +The 68030 has some mmu instructions like `pmove` that are only valid for the 68030 (and maybe the external mmu for the 68020??). +QEMU doesn't currently implement `pmove` and the encoding of `pmove` seems to be the same as an f-line instruction that should generate an f-line exception on everything except the 68030 so currently an f-line exception happens instead of the intended load/store to the mmu. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2595 b/results/classifier/deepseek-r1:32b/output/instruction/2595 new file mode 100644 index 000000000..07e871de6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2595 @@ -0,0 +1,138 @@ + + + +Incorrect behavior with 64-bit element SDOT and UDOT instructions on ARM SVE when sve-default-vector-length>=64 +Description of problem: +The behavior of SDOT and UDOT instructions are incorrect when the Zresult.D register is used, which is the 64-bit svdot_lane\_{s,u}64 intrinsic in ACLE. + +I have tested the same code using [Arm Instruction Emulator](https://developer.arm.com/Tools%20and%20Software/Arm%20Instruction%20Emulator) (which is deprecated though) and gem5 which produced correct result, I believe that the SDOT and UDOT implementation in qemu is incorrect. +Steps to reproduce: +1. Get Arm Gnu toolchain from [Arm GNU Toolchain Downloads – Arm Developer](https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads), for x86 Linux hosts, download arm-gnu-toolchain-13.3.rel1-x86_64-aarch64-none-linux-gnu.tar.xz and extract it. Alternatively, use any compiler that is able to cross compile for armv8.2-a+sve targets. +2. Compile the following program with these compiler arguments + + ``` + arm-gnu-toolchain-13.3.rel1-x86_64-aarch64-none-linux-gnu/bin/aarch64-none-linux-gnu-gcc -O3 -march=armv8.2-a+sve dot_lane.c -o dot_lane + ``` + + ```c + #include <stdio.h> + #include <arm_sve.h> + + int64_t a[32] = { 0 }; + int16_t b[128]; + int16_t c[128]; + int64_t r[32]; + int64_t expected_r[32]; + + #define IMM 0 + + int main(void) + { + for (size_t i = 0; i < 128; i++) { + b[i] = 1; + c[i] = i / 4; + } + + svint64_t av = svld1(svptrue_b64(), a); + svint16_t bv = svld1(svptrue_b16(), b); + svint16_t cv = svld1(svptrue_b16(), c); + + svint64_t result = svdot_lane_s64(av, bv, cv, IMM); + + svst1(svptrue_b64(), r, result); + + for (size_t i = 0; i < svcntd(); i++) { + expected_r[i] = + (int64_t)b[i * 4 + 0] * (int64_t)c[(i - i % 2) * 4 + IMM * 4 + 0] + + (int64_t)b[i * 4 + 1] * (int64_t)c[(i - i % 2) * 4 + IMM * 4 + 1] + + (int64_t)b[i * 4 + 2] * (int64_t)c[(i - i % 2) * 4 + IMM * 4 + 2] + + (int64_t)b[i * 4 + 3] * (int64_t)c[(i - i % 2) * 4 + IMM * 4 + 3] + + a[i]; + } + + printf("%12s", "r: "); + for (size_t i = 0; i < svcntd(); i++) { + printf("%4ld", r[i]); + } + printf("\n"); + printf("%12s", "expected_r: "); + for (size_t i = 0; i < svcntd(); i++) { + printf("%4ld", expected_r[i]); + } + printf("\n\t\t"); + for (size_t i = 0; i < svcntd(); i++) { + if (r[i] != expected_r[i]) { + printf("%4c", '^'); + } else { + printf("%4c", ' '); + } + } + printf("\n"); + printf("idx:\t\t"); + for (size_t i = 0; i < svcntd(); i++) { + if (r[i] != expected_r[i]) { + printf("%4d", i); + } else { + printf("%4c", ' '); + } + } + printf("\n"); + + return 0; + } + ``` +3. Execute it with the following commands: + + ``` + qemu-aarch64 -cpu max,sve-default-vector-length=16 -L arm-gnu-toolchain-13.3.rel1-x86_64-aarch64-none-linux-gnu/bin/../aarch64-none-linux-gnu/libc dot_lane + ``` + + Change the value of `sve-default-vector-length` to 32, 64, 128, 256 and observe the outputs, we should see that for `sve-default-vector-length` \>= 64, the result is incorrect. + + `sve-default-vector-length=16` + + ``` + r: 0 0 + expected_r: 0 0 + + idx: + ``` + + `sve-default-vector-length=32` + + ``` + r: 0 0 8 8 + expected_r: 0 0 8 8 + + idx: + ``` + + `sve-default-vector-length=64` + + ``` + r: 0 0 8 8 8 8 24 24 + expected_r: 0 0 8 8 16 16 24 24 + ^ ^ + idx: 4 5 + ``` + + `sve-default-vector-length=128` + + ``` + r: 0 0 8 8 8 8 24 24 24 24 40 40 40 40 56 56 + expected_r: 0 0 8 8 16 16 24 24 32 32 40 40 48 48 56 56 + ^ ^ ^ ^ ^ ^ + idx: 4 5 8 9 12 13 + ``` + + `sve-default-vector-length=256` + + ``` + r: 0 0 8 8 8 8 24 24 24 24 40 40 40 40 56 56 56 56 72 72 72 72 88 88 88 88 104 104 104 104 120 120 + expected_r: 0 0 8 8 16 16 24 24 32 32 40 40 48 48 56 56 64 64 72 72 80 80 88 88 96 96 104 104 112 112 120 120 + ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ ^ + idx: 4 5 8 9 12 13 16 17 20 21 24 25 28 29 + ``` +4. By passing `-S` to the compiler, we can see that sdot (or udot if using `svdot_lane_u64()`) is produced in assembly (`sdot z0.d, z1.h, z2.h[0]`), which is correct behavior according to [Intrinsics – Arm Developer](https://developer.arm.com/architectures/instruction-sets/intrinsics/svdot_lane%5B_s64%5D). +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2604 b/results/classifier/deepseek-r1:32b/output/instruction/2604 new file mode 100644 index 000000000..eaa3a5380 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2604 @@ -0,0 +1,47 @@ + + + +qemu-user-static crash when executing generated NEON code due to failure to detect invalidation +Description of problem: +`qemu-arm-static` crashes 100% of times when attempting to run NEON code. The same executable, when run in `system` emulation mode, works without issue. + +I experience this particular issue when attempting to test GStreamer's Orc library with NEON codegen with QEMU user emulation. +Steps to reproduce: +1. Clone https://gitlab.freedesktop.org/gstreamer/orc.git +2. Build with `meson setup build -Ddefault_library=static; meson compile -C build` +3. Run `qemu-arm-static ./build/tools/orc-bugreport` +Additional information: +The crash always happens inside the same JIT code. It is not a memory access, so there is no reason for QEMU to report SIGSEGV: + +``` +Program received signal SIGSEGV, Segmentation fault. +0x409e503c in ?? () +(gdb) bt +#0 0x409e503c in ?? () +#1 0x00408bc6 in orc_executor_run (ex=0x51cfc0) at ../orc/orcexecutor.c:51 +#2 0x00489692 in orc_test_compare_output_full_for_target (program=0x4bcd90, flags=0, + target_name=0x0) at ../orc-test/orctest.c:800 +#3 0x00489004 in orc_test_compare_output_full (program=0x4bcd90, flags=0) + at ../orc-test/orctest.c:664 +#4 0x00404826 in test_opcode_src (opcode=0x4b098c <opcodes+2400>) + at ../tools/orc-bugreport.c:252 +#5 0x004045d8 in test_opcodes () at ../tools/orc-bugreport.c:188 +#6 0x004043f2 in main (argc=1, argv=0x40800704) at ../tools/orc-bugreport.c:118 +(gdb) disas 0x409e5030 +No function contains specified address. +(gdb) disas 0x409e5030, +10 +Dump of assembler code from 0x409e5030 to 0x409e503a: + 0x409e5030: vld1.8 {d4-d5}, [r3] + 0x409e5034: vst1.8 {d4-d5}, [r2] + 0x409e5038: add r2, r2, #16 +End of assembler dump. +(gdb) disas 0x409e5030, +20 +Dump of assembler code from 0x409e5030 to 0x409e5044: + 0x409e5030: vld1.8 {d4-d5}, [r3] + 0x409e5034: vst1.8 {d4-d5}, [r2] + 0x409e5038: add r2, r2, #16 +=> 0x409e503c: add r3, r3, #16 + 0x409e5040: subs r12, r12, #1 +End of assembler dump. +(gdb) +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/266 b/results/classifier/deepseek-r1:32b/output/instruction/266 new file mode 100644 index 000000000..bd31cb7da --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/266 @@ -0,0 +1,4 @@ + + + +'mtfsf' instruction can clear FI incorrectly diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2696 b/results/classifier/deepseek-r1:32b/output/instruction/2696 new file mode 100644 index 000000000..3fdc8f0a0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2696 @@ -0,0 +1,15 @@ + + + +qemu-hexagon 9.2.0-rc1 hits unreachable assertion in decode_insns() on invalid instruction +Description of problem: +``` +❯ cat start.s +.globl _start +_start: .word 0 +❯ clang start.s -target hexagon-linux -nostdlib -fuse-ld=lld +❯ qemu-hexagon ./a.out +** +ERROR:../target/hexagon/decode.c:492:decode_insns: code should not be reached +Bail out! ERROR:../target/hexagon/decode.c:492:decode_insns: code should not be reached +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2775 b/results/classifier/deepseek-r1:32b/output/instruction/2775 new file mode 100644 index 000000000..d4fa3fbda --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2775 @@ -0,0 +1,137 @@ + + + +internal assertion failure in sparc64 codegen: translate.c:5695:sparc_tr_insn_start: code should not be reached +Description of problem: +qemu crashes with internal assertion: + +ERROR:../target/sparc/translate.c:5695:sparc_tr_insn_start: code should not be reached +Steps to reproduce: +1. boot emulated NetBSD/sparc64 system +2. cd /usr/tests && atf-run|atf-report + +not 100% reproducable, but happens often +Additional information: +last output: +``` +IN: +0x4102ce80: sethi %hi(0x29e0000), %g1 +0x4102ce84: b,a 0x40d78220 + +---------------- +IN: +0x41029fc0: sethi %hi(0x1e30000), %g1 +0x41029fc4: b,a 0x40e9ccc0 + +---------------- +IN: +0x4102b5e0: sethi %hi(0x23b8000), %g1 +0x4102b5e4: b,a 0x40e9dc20 + +---------------- +IN: +0x4102a6e0: sethi %hi(0x1ff8000), %g1 +0x4102a6e4: b,a 0x40e9cbc0 + +---------------- +IN: +0x410230e0: sethi %hi(0x278000), %g1 +0x410230e4: b,a 0x40e25d60 + +---------------- +IN: +0x41026920: sethi %hi(0x1088000), %g1 +0x41026924: b,a 0x40d77da0 + +---------------- +IN: +0x41024140: sethi %hi(0x690000), %g1 +0x41024144: b,a 0x40e25f00 + +---------------- +IN: +0x00245c20: sethi %hi(0xc8000), %g1 +0x00245c24: sethi %hi(0x40d77c00), %g1 +0x00245c28: jmp %g1 + 0x1a0 ! 0x40d77da0 +0x00245c2c: nop + +---------------- +IN: +0x00245ba0: sethi %hi(0xa8000), %g1 +0x00245ba4: b,a %xcc, 0x245920 + +---------------- +IN: +0x00245ba0: sethi %hi(0xa8000), %g1 +0x00245ba4: sethi %hi(0x40d76c00), %g1 +0x00245ba8: jmp %g1 + 0x80 ! 0x40d76c80 +0x00245bac: nop + +---------------- +IN: +0x00245e60: sethi %hi(0x158000), %g1 +0x00245e64: b,a %xcc, 0x245920 + +---------------- +IN: +0x00245e60: sethi %hi(0x158000), %g1 +0x00245e64: sethi %hi(0x40d76400), %g1 +0x00245e68: jmp %g1 + 0x260 ! 0x40d76660 +0x00245e6c: nop + +---------------- +IN: +0x002465a0: sethi %hi(0x328000), %g1 +0x002465a4: sethi %hi(0x40d69000), %g1 +0x002465a8: jmp %g1 + 0x198 ! 0x40d69198 +0x002465ac: nop + +** +ERROR:../target/sparc/translate.c:5695:sparc_tr_insn_start: code should not be reached +``` + +gdb says: +``` +#0 0x000079343d6ebbfa in _lwp_kill () from /usr/lib/libc.so.12 +#1 0x000079343d6f7034 in abort () + at /home/martin/current/src/lib/libc/stdlib/abort.c:74 +#2 0x000079343e06a03a in g_assertion_message[cold] () + from /usr/pkg/lib/libglib-2.0.so.0 +#3 0x000079343e03c719 in g_assertion_message_expr () + from /usr/pkg/lib/libglib-2.0.so.0 +#4 0x0000000000a23345 in sparc_tr_insn_start (dcbase=<optimized out>, + cs=<optimized out>) at ../target/sparc/translate.c:5695 +#5 0x0000000000aa932f in translator_loop (cpu=cpu@entry=0x7933fac3be40, + tb=tb@entry=0x79341ba52840 <code_gen_buffer+549308435>, + max_insns=max_insns@entry=0x7933fa5d3d44, pc=pc@entry=1206519, + host_pc=host_pc@entry=0x7933f52a58f7, + ops=ops@entry=0xfac3c0 <sparc_tr_ops>, db=db@entry=0x7933fa5d3b80) + at ../accel/tcg/translator.c:152 +#6 0x0000000000a368ca in gen_intermediate_code (cs=cs@entry=0x7933fac3be40, + tb=tb@entry=0x79341ba52840 <code_gen_buffer+549308435>, + max_insns=max_insns@entry=0x7933fa5d3d44, pc=pc@entry=1206519, + host_pc=host_pc@entry=0x7933f52a58f7) at ../target/sparc/translate.c:5816 +#7 0x0000000000aa7e90 in setjmp_gen_code (env=env@entry=0x7933fac3e5e0, + tb=tb@entry=0x79341ba52840 <code_gen_buffer+549308435>, + pc=pc@entry=1206519, host_pc=0x7933f52a58f7, + max_insns=max_insns@entry=0x7933fa5d3d44, ti=<optimized out>) + at ../accel/tcg/translate-all.c:278 +#8 0x0000000000aa835d in tb_gen_code (cpu=cpu@entry=0x7933fac3be40, + pc=pc@entry=1206519, cs_base=cs_base@entry=1206523, flags=2181038080, + cflags=cflags@entry=-16777216) at ../accel/tcg/translate-all.c:358 +#9 0x0000000000aa135b in cpu_exec_loop (cpu=cpu@entry=0x7933fac3be40, + sc=sc@entry=0x7933fa5d3e80) at ../accel/tcg/cpu-exec.c:993 +#10 0x0000000000aa1788 in cpu_exec_setjmp (cpu=cpu@entry=0x7933fac3be40, + sc=sc@entry=0x7933fa5d3e80) at ../accel/tcg/cpu-exec.c:1039 +#11 0x0000000000aa1f8d in cpu_exec (cpu=cpu@entry=0x7933fac3be40) + at ../accel/tcg/cpu-exec.c:1065 +#12 0x0000000000abb53d in tcg_cpu_exec (cpu=cpu@entry=0x7933fac3be40) + at ../accel/tcg/tcg-accel-ops.c:78 +#13 0x0000000000abb6ae in mttcg_cpu_thread_fn (arg=arg@entry=0x7933fac3be40) + at ../accel/tcg/tcg-accel-ops-mttcg.c:95 +#14 0x0000000000c7f750 in qemu_thread_start (args=0x79343aef7520) + at ../util/qemu-thread-posix.c:541 +#15 0x000079343d98c145 in pthread__create_tramp (cookie=0x79343c583000) + at /home/martin/current/src/lib/libpthread/pthread.c:595 +#16 0x000079343d5d1310 in ?? () from /usr/lib/libc.so.12 +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2865 b/results/classifier/deepseek-r1:32b/output/instruction/2865 new file mode 100644 index 000000000..91400a862 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2865 @@ -0,0 +1,55 @@ + + + +loongarch64: wrong implementation of `xvldi` instruction +Description of problem: +Consider this sample program. + +```c++ +#include <cstdio> +#include <cstdint> +#include <lsxintrin.h> +#include <lasxintrin.h> + +void dump_u32(__m256i x) { + uint32_t tmp[32/4]; + __lasx_xvst(x, tmp, 0); + putchar('['); + for (int i=0; i < 32/4; i++) { + if (i > 0) { + putchar(' '); + } + + printf("%08x", tmp[i]); + } + puts("]"); +} + +int main() { + __m256i const1 = __lasx_xvldi(-3832); + dump_u32(const1); +} +``` + +The magic constants here means: replicate in 32-bit words a byte (0x4) shifted left by 8. We should have a vector of words 0x800, and indeed, the program run on a real hardware prints expected: + +``` +[00000800 00000800 00000800 00000800 00000800 00000800 00000800 00000800] +``` + +The same program run under Qemu prints: + +``` +[08000800 00000000 08000800 00000000 08000800 00000000 08000800 00000000] +``` +Additional information: +I grabbed the latest sources, it seems there's bug in `target/loongarch/tcg/insn_trans/trans_vec.c.inc`, in function `vldi_get_value`. + +```c + case 1: + /* data: {2{16'0, imm[7:0], 8'0}} */ + data = (t << 24) | (t << 8); + break; +``` + +There should be `(t << (8+32)) | t << 8`. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2878 b/results/classifier/deepseek-r1:32b/output/instruction/2878 new file mode 100644 index 000000000..0cf0f9d8c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2878 @@ -0,0 +1,4 @@ + + + +Support for avx512 in qemu user space emulation. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/2971 b/results/classifier/deepseek-r1:32b/output/instruction/2971 new file mode 100644 index 000000000..706ee9d06 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/2971 @@ -0,0 +1,47 @@ + + + +loongarch64 crashes caused by lenient instruction decoding of vldi and xvldi +Description of problem: +Lenient instruction decoding of `vldi` and `xvldi` leads to Qemu crashes. + +The decoding of `vldi` and `xvldi` instruction allows for instructions with illegal immediates. + +`target/loongarch/insns.decode`: + +``` +vldi 0111 00111110 00 ............. ..... @v_i13 +xvldi 0111 01111110 00 ............. ..... @v_i13 +``` + +This is considered in `target/loongarch/tcg/insn_trans/trans_vec.c.inc`: + +```C + /* + * imm bit [11:8] is mode, mode value is 0-12. + * other values are invalid. + */ +``` + +However, an assertion error is raised when this condition is violated and qemu crashes: + +``` +** +ERROR:target/loongarch/insn_trans/trans_vec.c.inc:3574:vldi_get_value: code should not be reached +Bail out! ERROR:target/loongarch/insn_trans/trans_vec.c.inc:3574:vldi_get_value: code should not be reached +``` + +On hardware (Loongson 3A5000), these instructions cause a SIGILL. +Steps to reproduce: +1. compile the `test_inv_vldi` test program for loongarch64 (see additional information) +2. run `qemu-loongarch64-static ./test_inv_vldi` +Additional information: +I will post a patch for this issue to the mailing list soon. + +`test_inv_vldi` source code: + +```C +int main(int argc, char** argv) { + asm volatile(".4byte 0x73e3a000"); +} +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/312 b/results/classifier/deepseek-r1:32b/output/instruction/312 new file mode 100644 index 000000000..eeba93125 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/312 @@ -0,0 +1,4 @@ + + + +QEMU emulation of fmadds instruction on powerpc64le is buggy diff --git a/results/classifier/deepseek-r1:32b/output/instruction/364 b/results/classifier/deepseek-r1:32b/output/instruction/364 new file mode 100644 index 000000000..19a9fae8c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/364 @@ -0,0 +1,4 @@ + + + +qemu-aarch64: incorrect signed comparison in ldsmax instructions diff --git a/results/classifier/deepseek-r1:32b/output/instruction/381 b/results/classifier/deepseek-r1:32b/output/instruction/381 new file mode 100644 index 000000000..459d6c328 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/381 @@ -0,0 +1,4 @@ + + + +ERROR:target/arm/translate-a64.c:13229:disas_simd_two_reg_misc_fp16: code should not be reached diff --git a/results/classifier/deepseek-r1:32b/output/instruction/390 b/results/classifier/deepseek-r1:32b/output/instruction/390 new file mode 100644 index 000000000..28313d0fb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/390 @@ -0,0 +1,4 @@ + + + +target/ppc: atomic path of Load Quadword instruction require address with write permission diff --git a/results/classifier/deepseek-r1:32b/output/instruction/422 b/results/classifier/deepseek-r1:32b/output/instruction/422 new file mode 100644 index 000000000..d637043bf --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/422 @@ -0,0 +1,4 @@ + + + +Unable to execute MIPS MSA code due to illegal instruction diff --git a/results/classifier/deepseek-r1:32b/output/instruction/427 b/results/classifier/deepseek-r1:32b/output/instruction/427 new file mode 100644 index 000000000..87592bc9b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/427 @@ -0,0 +1,4 @@ + + + +TCG: QEMU incorrectly raises exception on SSE4.2 CRC32 instruction diff --git a/results/classifier/deepseek-r1:32b/output/instruction/449 b/results/classifier/deepseek-r1:32b/output/instruction/449 new file mode 100644 index 000000000..7b194c316 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/449 @@ -0,0 +1,71 @@ + + + +s390x linux-user assertion fires in vector asm on master +Description of problem: +Seeing a assert being fired when running this go program that executes vector instructions: + +[ecdsaexample.go](/uploads/f5162a12747f93f060cfcabaea786d92/ecdsaexample.go) + +``` +qemu-s390x-static: ../qemu/target/s390x/translate.c:1063: get_field1: Assertion `have_field1(s, o)' failed. +SIGABRT: abort +PC=0x5b660 m=0 sigcode=4294967290 + +goroutine 1 [running]: +runtime.sigpanic() + /home/jalbrecht/s390x/15/go/src/runtime/signal_unix.go:723 fp=0xc000198998 sp=0xc000198998 pc=0x5b660 +crypto/elliptic.p256SqrInternalVMSL() + /home/jalbrecht/s390x/15/go/src/crypto/elliptic/p256_asm_s390x.s:1488 fp=0xc0001989a0 sp=0xc0001989a0 pc=0xda600 +p256SqrInternal() + /home/jalbrecht/s390x/15/go/src/crypto/elliptic/p256_asm_s390x.s:1695 +0x18 fp=0xc0001989d8 sp=0xc0001989a0 pc=0xd95b8 +crypto/elliptic.p256SqrAsm(0xc000198bc0, 0x20, 0x20, 0xc000198ce0, 0x20, 0x20, 0x0, 0xc, 0x30, 0x4000802560, ...) + /home/jalbrecht/s390x/15/go/src/crypto/elliptic/p256_asm_s390x.s:1849 +0x3c fp=0xc0001989e0 sp=0xc0001989d8 pc=0xdaa6c +crypto/elliptic.p256Sqr(...) + /home/jalbrecht/s390x/15/go/src/crypto/elliptic/p256_s390x.go:81 +crypto/elliptic.p256Inverse(0xc000198bc0, 0x20, 0x20, 0xc000198ce0, 0x20, 0x20) + /home/jalbrecht/s390x/15/go/src/crypto/elliptic/p256_s390x.go:324 +0x66 fp=0xc000198b28 sp=0xc0001989e0 pc=0xd7da6 +crypto/elliptic.initTable() + /home/jalbrecht/s390x/15/go/src/crypto/elliptic/p256_s390x.go:436 +0x192 fp=0xc000198d00 sp=0xc000198b28 pc=0xd87d2 +crypto/elliptic.initP256Arch(...) + /home/jalbrecht/s390x/15/go/src/crypto/elliptic/p256_s390x.go:57 +crypto/elliptic.initP256() + /home/jalbrecht/s390x/15/go/src/crypto/elliptic/p256.go:40 +0x2c0 fp=0xc000198d38 sp=0xc000198d00 pc=0xd2960 +crypto/elliptic.initAll() + /home/jalbrecht/s390x/15/go/src/crypto/elliptic/elliptic.go:397 +0x24 fp=0xc000198d40 sp=0xc000198d38 pc=0xd1ab4 +sync.(*Once).doSlow(0x2168e8, 0x122be8) + /home/jalbrecht/s390x/15/go/src/sync/once.go:66 +0x12c fp=0xc000198d98 sp=0xc000198d40 pc=0x7ee5c +sync.(*Once).Do(...) + /home/jalbrecht/s390x/15/go/src/sync/once.go:57 +crypto/elliptic.P256(...) + /home/jalbrecht/s390x/15/go/src/crypto/elliptic/elliptic.go:433 +main.main() + /home/jalbrecht/s390x/ecdsaexample.go:17 +0x7de fp=0xc000198f80 sp=0xc000198d98 pc=0xe4a2e +runtime.main() + /home/jalbrecht/s390x/15/go/src/runtime/proc.go:204 +0x214 fp=0xc000198fd8 sp=0xc000198f80 pc=0x472e4 +runtime.goexit() + /home/jalbrecht/s390x/15/go/src/runtime/asm_s390x.s:779 +0x2 fp=0xc000198fd8 sp=0xc000198fd8 pc=0x77c52 + +r0 0x0 r1 0xc000198bc0 +r2 0xc000198ce0 r3 0xc000198ce0 +r4 0x1401a0 r5 0xc000198be0 +r6 0xc000198bc0 r7 0x1c00f0 +r8 0xda600 r9 0xc0001989a8 +r10 0x217810 r11 0x0 +r12 0x4000800378 r13 0xc000000180 +r14 0xda600 r15 0xc000198998 +pc 0x5b660 link 0xda600 +exit status 2 +``` +Steps to reproduce: +On an amd64 linux host: +1. Download attached ecdsaexample.go file +2. Download and untar an s390x go distro (1.15 and 1.16 both show this issue): https://golang.org/dl/go1.15.13.linux-s390x.tar.gz +3. Build a qemu-s390x-static from current master +4. qemu-s390x-static -E PATH=/path/to/s390x/15/go/bin -L /usr/s390x-linux-gnu /path/to/s390x/15/go/bin/go run ecdsaexample.go +Additional information: +@davidhildenbrand could you have a look? I tracked it down to this series of patches: https://lore.kernel.org/qemu-devel/20210608092337.12221-1-david@redhat.com/. I tried reverting just this series from current master and then the program runs with no issues. + +This crash is seen whenever eg. certificates are checked when connecting via https so it is likely to happen in real programs. + +cc: @ruixinbao diff --git a/results/classifier/deepseek-r1:32b/output/instruction/494 b/results/classifier/deepseek-r1:32b/output/instruction/494 new file mode 100644 index 000000000..041ca2b3d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/494 @@ -0,0 +1,4 @@ + + + +cmake crashes on qemu-alpha-user with Illegal Instruction diff --git a/results/classifier/deepseek-r1:32b/output/instruction/508 b/results/classifier/deepseek-r1:32b/output/instruction/508 new file mode 100644 index 000000000..a5b701b3a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/508 @@ -0,0 +1,4 @@ + + + +x86_64 cmpxchg behavior in qemu tcg does not match the real CPU diff --git a/results/classifier/deepseek-r1:32b/output/instruction/618 b/results/classifier/deepseek-r1:32b/output/instruction/618 new file mode 100644 index 000000000..eaab679ff --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/618 @@ -0,0 +1,98 @@ + + + +overflow condition code determined incorrectly after subtraction on s390x +Description of problem: +Paul Eggert found this bug, just by taking a look at the file `qemu/target/s390x/tcg/cc_helper.c`. + +The following program +[foo.c](/uploads/c1f425684fd661c4437950d7d8ddf31d/foo.c) +``` +#include <stdio.h> + +int overflow_32 (int x, int y) +{ + int sum; + return __builtin_sub_overflow (x, y, &sum); +} + +int overflow_64 (long long x, long long y) +{ + long sum; + return __builtin_sub_overflow (x, y, &sum); +} + +int a1 = 0; +int b1 = -2147483648; +long long a2 = 0L; +long long b2 = -9223372036854775808L; + +int main () +{ + { + int a = a1; + int b = b1; + printf ("a = 0x%x, b = 0x%x\n", a, b); + printf ("no_overflow = %d\n", ! overflow_32 (a, b)); + } + { + long long a = a2; + long long b = b2; + printf ("a = 0x%llx, b = 0x%llx\n", a, b); + printf ("no_overflow = %d\n", ! overflow_64 (a, b)); + } +} +``` +should print +``` +a = 0x0, b = 0x80000000 +no_overflow = 0 +a = 0x0, b = 0x8000000000000000 +no_overflow = 0 +``` +However, when compiled as an s390x program and executed through qemu 6.1.0 (Linux user-mode), it prints 'no_overflow = 1' twice. +``` +$ s390x-linux-gnu-gcc-10 --version +s390x-linux-gnu-gcc-10 (Ubuntu 10.3.0-1ubuntu1~20.04) 10.3.0 +``` + +``` +$ s390x-linux-gnu-gcc-10 -static foo.c +$ ~/inst-qemu/6.1.0/bin/qemu-s390x a.out +a = 0x0, b = 0x80000000 +no_overflow = 1 +a = 0x0, b = 0x8000000000000000 +no_overflow = 1 +``` + +``` +$ s390x-linux-gnu-gcc-10 -O2 -static foo.c +$ ~/inst-qemu/6.1.0/bin/qemu-s390x a.out +a = 0x0, b = 0x80000000 +no_overflow = 1 +a = 0x0, b = 0x8000000000000000 +no_overflow = 1 +``` + +The code generated by 's390x-linux-gnu-gcc-10 -O2' makes use of the 'o' (overflow / ones) condition code: +``` +overflow_64: + lgr %r1,%r2 ;; copy a into %r1 + lghi %r2,0 + sgr %r1,%r3 ;; subtract b from a + bnor %r14 ;; if no overflow, return %r2 = 0 + lghi %r2,1 + br %r14 ;; otherwise, return %r2 = 1 +``` + +The condition code and the overflow bit are defined in the z/Architecture Principles of Operation (POP) http://publibfi.boulder.ibm.com/epubs/pdf/dz9zr011.pdf page 7-5 / 7-6 / 7-388 : "In mathematical terms, signed addition and subtraction produce a fixed-point overflow when the result is outside the range of representation for signed binary integers." + +I conclude that the bug is in QEMU: QEMU does not set the overflow condition code correctly. +Steps to reproduce: +[foo.static.s390x](/uploads/e4b79b019db590f3a4b13cac41e57ba6/foo.static.s390x) +(the result of "s390x-linux-gnu-gcc-10 -static -O2 foo.c -o foo.static.s390x") + +1. `qemu-s390x foo.static.s390x` +Additional information: +The attached patch fixes it. +[0002-s390x-Fix-determination-of-overflow-condition-code-a.patch](/uploads/8d414f84fe0ed36bf07bd28f5e7836ab/0002-s390x-Fix-determination-of-overflow-condition-code-a.patch) diff --git a/results/classifier/deepseek-r1:32b/output/instruction/625 b/results/classifier/deepseek-r1:32b/output/instruction/625 new file mode 100644 index 000000000..53d7d0c2e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/625 @@ -0,0 +1,26 @@ + + + +qemu-hppa floating point POWER function is incorrect +Description of problem: +The floating point power function produces incorrect values, and possibly stack misshapes as well. +Steps to reproduce: +1. $ hppa1.1-unknown-linux-gnu-gcc pow.c -o pow -lm -static +2. $ qemu-hppa pow +3. the expected result is 10.0 ^ 6.0 = 6000000.0, instead of 403.45 +Additional information: +Example C source to reproduce, pow.c: +``` +#include <stdio.h> +#include <math.h> +int main() +{ + double base, expo, res; + base=10.0; + expo=6.0; + // res sould be 1e+6 + res = pow(base, expo); + printf("%.1lf^%.1lf = %.2lf\n", base, expo, res); + return 0; +} +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/754 b/results/classifier/deepseek-r1:32b/output/instruction/754 new file mode 100644 index 000000000..1b78c2d09 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/754 @@ -0,0 +1,210 @@ + + + +qem_m68k : trapcs instruction causes the non-execution of the following 2 instructions +Description of problem: +In try to run following code : +``` +8004615a: 204f moveal %sp,%a0 +8004615c: b1c7 cmpal %d7,%a0 +8004615e: 55fc trapcs +80046160: 4e56 0000 linkw %fp,#0 +80046164: 2f14 movel %a4@,%sp@- +80046166: 288e movel %fp,%a4@ +80046168: c74d exg %a3,%a5 +8004616a: 48e7 3030 moveml %d2-%d3/%a2-%a3,%sp@- +8004616e: 7001 moveq #1,%d0 +80046170: 3b40 816c movew %d0,%a5@(-32404) +80046174: 7218 moveq #24,%d1 +80046176: 3b41 816a movew %d1,%a5@(-32406) +8004617a: 242d 8004 movel %a5@(-32764),%d2 +8004617e: 2b42 815c movel %d2,%a5@(-32420) +80046182: 206d 8008 moveal %a5@(-32760),%a0 +80046186: 2268 8010 moveal %a0@(-32752),%a1 +8004618a: 2b49 8158 movel %a1,%a5@(-32424) +8004618e: 42ad 8154 clrl %a5@(-32428) +80046192: 246d 8154 moveal %a5@(-32428),%a2 +80046196: 2b4a 8160 movel %a2,%a5@(-32416) +8004619a: 2b4a 8164 movel %a2,%a5@(-32412) +8004619e: 422d 8168 clrb %a5@(-32408) +800461a2: 7604 moveq #4,%d3 +800461a4: 2b43 8150 movel %d3,%a5@(-32432) +800461a8: 2668 8010 moveal %a0@(-32752),%a3 +800461ac: 2b4b 814c movel %a3,%a5@(-32436) +800461b0: 2268 8010 moveal %a0@(-32752),%a1 +800461b4: 266d 8008 moveal %a5@(-32760),%a3 +800461b8: 206b 8008 moveal %a3@(-32760),%a0 +800461bc: 4e90 jsr %a0@ +800461be: 2b48 8148 movel %a0,%a5@(-32440) +800461c2: 4cdf 0c0c moveml %sp@+,%d2-%d3/%a2-%a3 +800461c6: c74d exg %a3,%a5 +800461c8: 289f movel %sp@+,%a4@ +800461ca: 4e5e unlk %fp +800461cc: 4e75 rts +``` +When I run qemu-m68k -cpu m68020 -d in_asm,cpu, I have : +``` +---------------- +IN: +0x8004615a: moveal %sp,%a0 +0x8004615c: cmpal %d7,%a0 +0x8004615e: trapcs +0x80046160: linkw %fp,#0 +0x80046164: movel %a4@,%sp@- +0x80046166: movel %fp,%a4@ +0x80046168: exg %a3,%a5 +0x8004616a: moveml %d2-%d3/%a2-%a3,%sp@- +0x8004616e: moveq #1,%d0 +0x80046170: movew %d0,%a5@(-32404) +0x80046174: moveq #24,%d1 +0x80046176: movew %d1,%a5@(-32406) +0x8004617a: movel %a5@(-32764),%d2 +0x8004617e: movel %d2,%a5@(-32420) +0x80046182: moveal %a5@(-32760),%a0 +0x80046186: moveal %a0@(-32752),%a1 +0x8004618a: movel %a1,%a5@(-32424) +0x8004618e: clrl %a5@(-32428) +0x80046192: moveal %a5@(-32428),%a2 +0x80046196: movel %a2,%a5@(-32416) +0x8004619a: movel %a2,%a5@(-32412) +0x8004619e: clrb %a5@(-32408) +0x800461a2: moveq #4,%d3 +0x800461a4: movel %d3,%a5@(-32432) +0x800461a8: moveal %a0@(-32752),%a3 +0x800461ac: movel %a3,%a5@(-32436) +0x800461b0: moveal %a0@(-32752),%a1 +0x800461b4: moveal %a5@(-32760),%a3 +0x800461b8: moveal %a3@(-32760),%a0 +0x800461bc: jsr %a0@ + +Trace 0: 0x7f83a807e780 [00000000/8004615a/00000000/00000000] +D0 = 00000012 A0 = 8004615a F0 = 7fff ffffffffffffffff ( nan) +D1 = 00000001 A1 = 800466d6 F1 = 7fff ffffffffffffffff ( nan) +D2 = 00000000 A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan) +D3 = 00000000 A3 = 8000c3b0 F3 = 7fff ffffffffffffffff ( nan) +D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan) +D5 = 00000000 A5 = 3ffd7000 F5 = 7fff ffffffffffffffff ( nan) +D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan) +D7 = 80042050 A7 = 80045ff4 F7 = 7fff ffffffffffffffff ( nan) +PC SR = 0004 T:0 I:0 UI --Z-- +FPSR = 00000000 ---- + FPCR = 0000 X RN + + +---------------- +IN: +0x80046358: lea %a1@(0,%d0:l),%a0 +0x8004635c: rts + +Trace 0: 0x7f83a807eac0 [00000000/80046358/00000000/00000000] +D0 = 00000001 A0 = 80046358 F0 = 7fff ffffffffffffffff ( nan) +D1 = 00000018 A1 = 00000000 F1 = 7fff ffffffffffffffff ( nan) +D2 = ffffffff A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan) +D3 = 00000004 A3 = 8000c040 F3 = 7fff ffffffffffffffff ( nan) +D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan) +D5 = 00000000 A5 = 8000c3b0 F5 = 7fff ffffffffffffffff ( nan) +D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan) +D7 = 80042050 A7 = 80045fe0 F7 = 7fff ffffffffffffffff ( nan) +PC = 80046358 SR = 0004 T:0 I:0 UI --Z-- +FPSR = 00000000 ---- + FPCR = 0000 X RN +---------------- +``` +Stack pointer is 80045fe0, it should be 80045FD8. + +When I run with options -cpu m68020 -d in_asm,cpu,op -singlestep, I have : +``` +---------------- +IN: +0x8004615e: trapcs +0x80046160: linkw %fp,#0 +Disassembler disagrees with translator over instruction decoding +Please report this to qemu-devel@nongnu.org + +OP: + ld_i32 tmp0,env,$0xfffffffffffffff8 + brcond_i32 tmp0,$0x0,lt,$L0 + + ---- 8004615e 00000000 + mov_i32 tmp0,$0x0 + call flush_flags,$0x0,$0,env,CC_OP + setcond_i32 tmp2,CC_C,tmp0,ne + neg_i32 tmp2,tmp2 + mov_i32 tmp0,$0x56 + mov_i32 PC,$0x80046162 + exit_tb $0x0 + set_label $L0 + exit_tb $0x7fba001a75c3 + +D0 = 00000012 A0 = 80045ff4 F0 = 7fff ffffffffffffffff ( nan) +D1 = 00000001 A1 = 800466d6 F1 = 7fff ffffffffffffffff ( nan) +D2 = 00000000 A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan) +D3 = 00000000 A3 = 8000c3b0 F3 = 7fff ffffffffffffffff ( nan) +D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan) +D5 = 00000000 A5 = 3ffd5000 F5 = 7fff ffffffffffffffff ( nan) +D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan) +D7 = 80042050 A7 = 80045ff4 F7 = 7fff ffffffffffffffff ( nan) +PC = 8004615e SR = 0000 T:0 I:0 UI ----- +FPSR = 00000000 ---- + FPCR = 0000 X RN +---------------- +IN: +0x80046162: orib #20,%d0 + +OP: + ld_i32 tmp0,env,$0xfffffffffffffff8 + brcond_i32 tmp0,$0x0,lt,$L0 + + ---- 80046162 00000000 + mov_i32 tmp0,$0x14 + ext8s_i32 tmp3,D0 + or_i32 tmp4,tmp3,tmp0 + and_i32 D0,D0,$0xffffff00 + ext8u_i32 tmp6,tmp4 + or_i32 D0,D0,tmp6 + ext8s_i32 CC_N,tmp4 + discard CC_C + discard CC_Z + discard CC_V + mov_i32 CC_OP,$0xb + mov_i32 PC,$0x80046166 + exit_tb $0x0 + set_label $L0 + exit_tb $0x7fba001a7683 + +D0 = 00000012 A0 = 80045ff4 F0 = 7fff ffffffffffffffff ( nan) +D1 = 00000001 A1 = 800466d6 F1 = 7fff ffffffffffffffff ( nan) +D2 = 00000000 A2 = 00000000 F2 = 7fff ffffffffffffffff ( nan) +D3 = 00000000 A3 = 8000c3b0 F3 = 7fff ffffffffffffffff ( nan) +D4 = 00000000 A4 = 8004604c F4 = 7fff ffffffffffffffff ( nan) +D5 = 00000000 A5 = 3ffd5000 F5 = 7fff ffffffffffffffff ( nan) +D6 = 00000004 A6 = 80046038 F6 = 7fff ffffffffffffffff ( nan) +D7 = 80042050 A7 = 80045ff4 F7 = 7fff ffffffffffffffff ( nan) +PC = 80046162 SR = 0000 T:0 I:0 UI ----- +FPSR = 00000000 ---- + FPCR = 0000 X RN +---------------- +IN: +0x80046166: movel %fp,%a4@ + +OP: + ld_i32 tmp0,env,$0xfffffffffffffff8 + brcond_i32 tmp0,$0x0,lt,$L0 + +... +``` +I can see that instructions +``` +0x80046160: linkw %fp,#0 +0x80046164: movel %a4@,%sp@- +``` +are not executed +and an extra instruction +``` +0x80046162: orib #20,%d0 +``` +is executed +Steps to reproduce: +Run chroot qemu-m68k qemu-m68k-static -cpu m68020 -d in_asm,cpu -D log1.txt ./test +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/instruction/799 b/results/classifier/deepseek-r1:32b/output/instruction/799 new file mode 100644 index 000000000..2a038a0be --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/799 @@ -0,0 +1,50 @@ + + + +TCG Optimizer crashes on AArch64 SVE2 instruction +Description of problem: +QEMU crashes due to an assertion in the TCG optimizer when optimizing an SVE2 instruction: +``` +Unrecognized operation 145 in do_constant_folding. +../tcg/optimize.c:458: tcg fatal error +``` +Steps to reproduce: +1. Compile the following minimized reproducer: (a pre-compiled image is provided for convenience - [reproducer.img](/uploads/0bddbfac55306a297fee59dd2f6923cf/reproducer.img)) +```asm +.org 0x0 +entry: + mrs x1, cptr_el3 + orr x9, x1, #0x100 + msr cptr_el3, x9 + + msr cptr_el2, xzr + + mov x1, #0x3 + mrs x9, cpacr_el1 + bfi x9, x1, #16, #2 + bfi x9, x1, #20, #2 + msr cpacr_el1, x9 + + mov x9, 512 + mov x0, x9 + asr x0, x0, 7 + sub x9, x0, #1 + msr zcr_el1, x9 + + mov x9, 512 + mov x0, x9 + asr x0, x0, 7 + sub x9, x0, #1 + msr zcr_el2, x9 + + mov x9, 512 + mov x0, x9 + asr x0, x0, 7 + sub x9, x0, #1 + msr zcr_el3, x9 + + uqxtnt z11.s, z22.d +``` +2. Execute it using the command line given above. +Additional information: +I tested latest master as well, and the problem persists. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/824 b/results/classifier/deepseek-r1:32b/output/instruction/824 new file mode 100644 index 000000000..a93e2e869 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/824 @@ -0,0 +1,15 @@ + + + +x86_64 Translation Block error (cmp eax, 0x6; jnle 0x524) +Description of problem: +`Qemu` produces a Translation block of 4 instructions: +``` +0x0000558a53039ffc: 83f806 (cmp eax, 0x6) +0x0000558a53039fff: 0f (nothing) +0x0000558a53039ffc: 83f806 (cmp eax, 0x6) +0x0000558a53039fff: 0f8f1e050000 (jnle 0x524) +``` +This problem occurs several time with different addresses but the same pattern: +- 1st and 3th instructions are the same (both addresses and opcodes); +- 2nd is the prefix of the 4th (same addresses). diff --git a/results/classifier/deepseek-r1:32b/output/instruction/826 b/results/classifier/deepseek-r1:32b/output/instruction/826 new file mode 100644 index 000000000..d79f7cf28 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/826 @@ -0,0 +1,19 @@ + + + +AArch64 SVE2 LDNT1SB (vector plus scalar) load address incorrectly calculated +Description of problem: +During execution of the following SVE2 instruction: +`ldnt1sb {z6.d}, p3/z, [z14.d, x9]` +with the following register state: +``` +(gdb) p $p3 +$1 = {0x7, 0x0, 0x74, 0x0, 0x43, 0x0, 0x29, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x47, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x66, 0xe4, 0x64, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20, 0x11, 0x31, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x11, 0x31, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb0, 0x8b, 0x49, 0x34, 0xfc, 0x7f, 0x0, 0x0, 0xe0, 0x71, 0x30, 0x1, 0x0, 0x0, 0x0, 0x0} +(gdb) p $z14.d.u +$2 = {0x3bdeaa30, 0x3bdeaa33, 0x3bdeaa36, 0x3bdeaa39, 0x3bdeaa3c, 0x3bdeaa3f, 0x3bdeaa42, 0x3bdeaa45} +(gdb) p $x9 +$3 = 0x0 +``` +QEMU produces a data abort due to an address fault on address `0x5EE45E4E`, which it clearly should not have tried to load. +Additional information: +A quick look at the implementation of the LDNT1SB instruction in QEMU points to the following commit: https://gitlab.com/qemu-project/qemu/-/commit/cf327449816d5643106445420a0b06b0f38d4f01 which simply redirects to SVE's LD1SB handler. As these instructions use a new flavor of SVE scatter/gather loads (vector plus scalar) which SVE LD1SB does not support, I wonder if the LD1SB handler simply decodes it as the wrong instruction and treats it as a (scalar plus vector) instruction, which LD1SB does support, but whose address calculation is completely different. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/837 b/results/classifier/deepseek-r1:32b/output/instruction/837 new file mode 100644 index 000000000..3f61a028a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/837 @@ -0,0 +1,33 @@ + + + +x86 user: icebp/int1 raises wrong signal +Description of problem: +This is a relatively minor inaccuracy. When `icebp` (`F1`) is executed, it raises `SIGILL` in QEMU, where the behavior on baremetal Linux (on an old Intel Core i5-430m) is to raise `SIGTRAP`. + +Specifically, on the architectural level, `icebp` raises `#DB` without affecting `dr6`. + +This also happens on an AArch64 host. +``` +$ ./icebp +Trace/breakpoint trap +$ qemu-x86_64 ./icebp +qemu: uncaught target signal 4 (Illegal instruction) - core dumped +Illegal instruction +``` +Steps to reproduce: +1. Compile this file using `gcc -nostdlib -static icebp.S -o icebp`, optionally with `-m32` to test i386 +``` + .globl _start +_start: + .byte 0xF1 // gas doesn't assemble this instruction opcode but it disassembles it +#ifdef __x86_64__ + mov $60, %eax + syscall +#else + mov $1, %eax + int $0x80 +#endif +``` +2. Run on baremetal. Notice how it raises `SIGTRAP` according to the shell job control message +3. Run on qemu-user. Notice how it raises `SIGILL`. diff --git a/results/classifier/deepseek-r1:32b/output/instruction/890 b/results/classifier/deepseek-r1:32b/output/instruction/890 new file mode 100644 index 000000000..26d32f2ea --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/890 @@ -0,0 +1,4 @@ + + + +Misinterpretation of arm neon invalid insn diff --git a/results/classifier/deepseek-r1:32b/output/instruction/904308 b/results/classifier/deepseek-r1:32b/output/instruction/904308 new file mode 100644 index 000000000..93fdd56b6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/904308 @@ -0,0 +1,101 @@ + + + +x86: BT/BTS/BTR/BTC: ZF flag is unaffected + +Hello! + +Bug was found in qemu.git. +See target-i386/translate.c: + + case 0x1ba: /* bt/bts/btr/btc Gv, im */ + ot = dflag + OT_WORD; + modrm = ldub_code(s->pc++); + op = (modrm >> 3) & 7; + mod = (modrm >> 6) & 3; + rm = (modrm & 7) | REX_B(s); + if (mod != 3) { + s->rip_offset = 1; + gen_lea_modrm(s, modrm, ®_addr, &offset_addr); + gen_op_ld_T0_A0(ot + s->mem_index); + } else { + gen_op_mov_TN_reg(ot, 0, rm); + } + /* load shift */ + val = ldub_code(s->pc++); + gen_op_movl_T1_im(val); + if (op < 4) + goto illegal_op; + op -= 4; + goto bt_op; + case 0x1a3: /* bt Gv, Ev */ + op = 0; + goto do_btx; + case 0x1ab: /* bts */ + op = 1; + goto do_btx; + case 0x1b3: /* btr */ + op = 2; + goto do_btx; + case 0x1bb: /* btc */ + op = 3; + do_btx: + ot = dflag + OT_WORD; + modrm = ldub_code(s->pc++); + reg = ((modrm >> 3) & 7) | rex_r; + mod = (modrm >> 6) & 3; + rm = (modrm & 7) | REX_B(s); + gen_op_mov_TN_reg(OT_LONG, 1, reg); + if (mod != 3) { + gen_lea_modrm(s, modrm, ®_addr, &offset_addr); + /* specific case: we need to add a displacement */ + gen_exts(ot, cpu_T[1]); + tcg_gen_sari_tl(cpu_tmp0, cpu_T[1], 3 + ot); + tcg_gen_shli_tl(cpu_tmp0, cpu_tmp0, ot); + tcg_gen_add_tl(cpu_A0, cpu_A0, cpu_tmp0); + gen_op_ld_T0_A0(ot + s->mem_index); + } else { + gen_op_mov_TN_reg(ot, 0, rm); + } + bt_op: + tcg_gen_andi_tl(cpu_T[1], cpu_T[1], (1 << (3 + ot)) - 1); + switch(op) { + case 0: + tcg_gen_shr_tl(cpu_cc_src, cpu_T[0], cpu_T[1]); + tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf + break; + case 1: + tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]); + tcg_gen_movi_tl(cpu_tmp0, 1); + tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]); + tcg_gen_or_tl(cpu_T[0], cpu_T[0], cpu_tmp0); + break; + case 2: + tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]); + tcg_gen_movi_tl(cpu_tmp0, 1); + tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]); + tcg_gen_not_tl(cpu_tmp0, cpu_tmp0); + tcg_gen_and_tl(cpu_T[0], cpu_T[0], cpu_tmp0); + break; + default: + case 3: + tcg_gen_shr_tl(cpu_tmp4, cpu_T[0], cpu_T[1]); + tcg_gen_movi_tl(cpu_tmp0, 1); + tcg_gen_shl_tl(cpu_tmp0, cpu_tmp0, cpu_T[1]); + tcg_gen_xor_tl(cpu_T[0], cpu_T[0], cpu_tmp0); + break; + } + s->cc_op = CC_OP_SARB + ot; + if (op != 0) { + if (mod != 3) + gen_op_st_T0_A0(ot + s->mem_index); + else + gen_op_mov_reg_T0(ot, rm); + tcg_gen_mov_tl(cpu_cc_src, cpu_tmp4); + tcg_gen_movi_tl(cpu_cc_dst, 0); <<<<<<<<<<<<<<<<<<<<<< always set zf + } + break; + +always set zf... + +There is fixed patch. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/instruction/952 b/results/classifier/deepseek-r1:32b/output/instruction/952 new file mode 100644 index 000000000..08f0cf817 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/952 @@ -0,0 +1,100 @@ + + + +qemu: uncaught target signal 5 (Trace/breakpoint trap) +Description of problem: +I'm getting core dumped when running the attached a.out_err binary in qemu, but when using Gdb to remote-debug the program, it exited normally. will appreciate if you can help look into this qemu issue. + +And I found that QEMU's 32-bit arm linux-user mode doesn't correctly turn guest BKPT insns into SIGTRAP signal. + +0xa602 <_start> movs r0, #22 + 0xa604 <_start+2> addw r1, pc, #186 ; 0xba +0xa608 <_start+6> bkpt 0x00ab + +$readelf -h hello + +ELF Header: + Magic: 7f 45 4c 46 01 01 01 00 00 00 00 00 00 00 00 00 + Class: ELF32 + Data: 2's complement, little endian + Version: 1 (current) + OS/ABI: UNIX - System V + ABI Version: 0 + Type: EXEC (Executable file) + Machine: ARM + Version: 0x1 + Entry point address: 0xa603 + Start of program headers: 52 (bytes into file) + Start of section headers: 144128 (bytes into file) + Flags: 0x5000200, Version5 EABI, soft-float ABI + Size of this header: 52 (bytes) + Size of program headers: 32 (bytes) + Number of program headers: 5 + Size of section headers: 40 (bytes) + Number of section headers: 16 + Section header string table index: 14 + +And I have check that the bug(https://bugs.launchpad.net/qemu/+bug/1873898) is fixed. + +But it's coredump. + +I found that bkpt instruction is not recognized, the bkpt is in 0x0000a608. + +host: +``` +$qemu-arm -g 12345 hello +``` +service: +``` +$gdb-multiarch hello +(gdb) target remote localhost:12345 +Remote debugging using localhost:12345 +0x0000a602 in _start () +(gdb) ni +0x0000a604 in _start () +(gdb) +0x0000a608 in _start () +(gdb) +0x0000a608 in _start () +``` +Another way to check: +``` +$gdb qemu-arm +(gdb) run hello +(gdb) bt +#0 0x00007ffff79474ba in __GI___sigsuspend (set=set@entry=0x7fffffffd9d8) at ../sysdeps/unix/sysv/linux/sigsuspend.c:26 +#1 0x000055555573bfff in dump_core_and_abort (target_sig=target_sig@entry=5) at ../linux-user/signal.c:772 +#2 0x000055555573c3c8 in handle_pending_signal (cpu_env=cpu_env@entry=0x555555da5940, sig=sig@entry=5, k=k@entry=0x555555e60e00) at ../linux-user/signal.c:1099 +#3 0x000055555573de8c in process_pending_signals (cpu_env=cpu_env@entry=0x555555da5940) at ../linux-user/signal.c:1175 +#4 0x0000555555622070 in cpu_loop (env=0x555555da5940) at ../linux-user/arm/cpu_loop.c:472 +#5 0x0000555555603cf4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../linux-user/main.c:883 +(gdb) up +#1 0x000055555573bfff in dump_core_and_abort (target_sig=target_sig@entry=5) at ../linux-user/signal.c:772 +772 sigsuspend(&act.sa_mask); +(gdb) +#2 0x000055555573c3c8 in handle_pending_signal (cpu_env=cpu_env@entry=0x555555da5940, sig=sig@entry=5, k=k@entry=0x555555e60e00) at ../linux-user/signal.c:1099 +1099 dump_core_and_abort(sig); +(gdb) +#3 0x000055555573de8c in process_pending_signals (cpu_env=cpu_env@entry=0x555555da5940) at ../linux-user/signal.c:1175 +1175 handle_pending_signal(cpu_env, sig, &ts->sync_signal); +(gdb) +#4 0x0000555555622070 in cpu_loop (env=0x555555da5940) at ../linux-user/arm/cpu_loop.c:472 +472 process_pending_signals(env); +(gdb) l +467 default: +468 error: +469 EXCP_DUMP(env, "qemu: unhandled CPU exception 0x%x - aborting\n", trapnr); +470 abort(); +471 } +472 process_pending_signals(env); +473 } +474 } +475 +476 void target_cpu_copy_regs(CPUArchState *env, struct target_pt_regs *regs) +(gdb) p cpu_exec(cs) +$2 = 7 +``` +Here process_pending_signals(env) gives SIGTRAP?? + +Here is my binary: +[hello](/uploads/7225e1f1c5a61ace40f90d5d2401a758/hello) diff --git a/results/classifier/deepseek-r1:32b/output/instruction/979 b/results/classifier/deepseek-r1:32b/output/instruction/979 new file mode 100644 index 000000000..3c6e7967d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/979 @@ -0,0 +1,10 @@ + + + +s390x floating point conversion functions broken +Description of problem: +While collecting additional reference files for float_convs (and float_convd) I noticed that the s390x handling of some cases is broken. See diff for details: + +``` + diff -y tests/tcg/s390x-linux-user/float_convs.out ../../tests/tcg/s390x/float_convs.ref +# diff --git a/results/classifier/deepseek-r1:32b/output/instruction/984 b/results/classifier/deepseek-r1:32b/output/instruction/984 new file mode 100644 index 000000000..ec5ada195 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/984 @@ -0,0 +1,26 @@ + + + +QEMU i386 fldl instruction is affected by the precision control bits of the FPU control word +Description of problem: +~~The QEMU softfloat float64_to_floatx80 implementation is broken and does not produce correct results.~~ QEMU i386 fldl instruction is affected by the precision control bits of the FPU control word. + +``` +IN = 1234.567890 (0x40934a4584f4c6e7) +OUT = 1234.567871 (0x40099a522c0000000000) +``` + +This bug was introduced in the QEMU commit qemu/qemu@8ae5719 as part of the switchover to FloatParts, and is still present in the latest tag (v7.0.0-rc4 as of now). + +Prior to the offending commit: + +``` +IN = 1234.567890 (0x40934a4584f4c6e7) +OUT = 1234.567890 (0x40099a522c27a6373800) +``` + +This breaks the i386 emulation of `fldl st(0)` (`helper_fldl_ST0`). +Steps to reproduce: +Call `float64_to_floatx80` with the input value of `1234.567890 (0x40934a4584f4c6e7)` and see the returned result. +Additional information: +See https://github.com/zephyrproject-rtos/sdk-ng/issues/461 diff --git a/results/classifier/deepseek-r1:32b/output/instruction/993 b/results/classifier/deepseek-r1:32b/output/instruction/993 new file mode 100644 index 000000000..2486b5077 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/993 @@ -0,0 +1,84 @@ + + + +Invalid opcode vzeroupper +Description of problem: +Got many invalid opcode error with Fedora 36 +See fedora bug https://bugzilla.redhat.com/show_bug.cgi?id=2076410 + +Crash stack and disassemble. +``` +Downloading separate debug info for /lib64/liblzma.so.5... +Downloading separate debug info for /home/penghuang/Sources/system-supplied DSO at 0x7fff30f55000... +[Thread debugging using libthread_db enabled] +Using host libthread_db library "/lib64/libthread_db.so.1". +Core was generated by `flatpak remote-add flathub https://flathub.org/repo/flathub.flatpakrepo'. +Program terminated with signal SIGILL, Illegal instruction. +#0 0x00007f89783cbe4a in sha512_block_data_order_avx2 () from /lib64/libgnutls.so.30 +[Current thread is 1 (Thread 0x7f8972ada640 (LWP 5083))] +(gdb) bt +#0 0x00007f89783cbe4a in sha512_block_data_order_avx2 () from /lib64/libgnutls.so.30 +#1 0x00007f89783bf042 in x86_sha512_update (ctx=0x7f8972ad9090, length=128, data=0x7f8972ad8f90 '\\' <repeats 128 times>, "@\255") + at sha-x86-ssse3.c:215 +#2 0x00007f897810879b in nettle_hmac_set_key (outer=<optimized out>, inner=0x7f8972ad9168, state=<optimized out>, + hash=0x7f897848b6c0 <x86_sha384>, key_length=0, key=0x7f89783ff943 "") at /usr/src/debug/nettle-3.7.3-3.fc36.x86_64/hmac.c:83 +#3 0x00007f89783bce3a in wrap_x86_hmac_fast (algo=<optimized out>, nonce=<optimized out>, nonce_size=<optimized out>, key=0x7f89783ff943, + key_size=0, text=0x7f8972ad9430, text_size=48, digest=0x55a79d80b948) at hmac-x86-ssse3.c:294 +#4 0x00007f89782d4b57 in _gnutls_mac_fast (algorithm=GNUTLS_MAC_SHA384, key=0x7f89783ff943, keylen=0, text=0x7f8972ad9430, textlen=48, + digest=0x55a79d80b948) at hash_int.c:167 +#5 0x00007f89782f524d in gnutls_hmac_fast (algorithm=GNUTLS_MAC_SHA384, key=key@entry=0x7f89783ff943, keylen=keylen@entry=0, + ptext=0x7f8972ad9430, ptext_len=ptext_len@entry=48, digest=digest@entry=0x55a79d80b948) at crypto-api.c:640 +#6 0x00007f897830d2ff in _tls13_init_secret2 (prf=0x7f897848f888 <hash_algorithms+168>, psk=<optimized out>, psk@entry=0x0, psk_size=48, + psk_size@entry=0, out=out@entry=0x55a79d80b948) at secrets.c:59 +#7 0x00007f897830d3d0 in _tls13_init_secret (session=session@entry=0x55a79d80a1c0, psk=psk@entry=0x0, psk_size=psk_size@entry=0) at secrets.c:35 +#8 0x00007f89782c66c0 in read_server_hello (datalen=<optimized out>, data=<optimized out>, session=0x55a79d80a1c0) at handshake.c:2097 +#9 _gnutls_recv_handshake (session=session@entry=0x55a79d80a1c0, type=type@entry=GNUTLS_HANDSHAKE_SERVER_HELLO, optional=optional@entry=0, + buf=buf@entry=0x0) at handshake.c:1656 +#10 0x00007f89782c8dbb in handshake_client (session=0x55a79d80a1c0) at handshake.c:3072 +#11 gnutls_handshake (session=0x55a79d80a1c0) at handshake.c:2871 +#12 0x00007f89784a694f in g_tls_connection_gnutls_handshake_thread_handshake (tls=0x55a79d80c250, timeout=<optimized out>, + cancellable=<optimized out>, error=0x7f8972ad9b10) at ../tls/gnutls/gtlsconnection-gnutls.c:968 +#13 0x00007f89784a8942 in handshake_thread (task=0x7f8968007ec0, object=object@entry=0x55a79d80c250, task_data=task_data@entry=0x55a79d766e60, + cancellable=cancellable@entry=0x55a79d748760) at ../tls/base/gtlsconnection-base.c:1564 +#14 0x00007f89784a8c02 in async_handshake_thread (task=<optimized out>, object=0x55a79d80c250, task_data=0x55a79d766e60, + cancellable=0x55a79d748760) at ../tls/base/gtlsconnection-base.c:1848 +#15 0x00007f89882dbaf3 in g_task_thread_pool_thread (thread_data=0x7f8968007ec0, pool_data=<optimized out>) at ../gio/gtask.c:1441 +#16 0x00007f8988111b72 in g_thread_pool_thread_proxy (data=<optimized out>) at ../glib/gthreadpool.c:354 +#17 0x00007f898810f172 in g_thread_proxy (data=0x55a79d7e1360) at ../glib/gthread.c:827 +#18 0x00007f8987efdcc7 in start_thread (arg=<optimized out>) at pthread_create.c:442 +#19 0x00007f8987f82e00 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81 +(gdb) +(gdb) disassemble +Dump of assembler code for function sha512_block_data_order_avx2: + 0x00007f89783cbe00 <+0>: mov %rsp,%rax + 0x00007f89783cbe03 <+3>: push %rbx + 0x00007f89783cbe04 <+4>: push %rbp + 0x00007f89783cbe05 <+5>: push %r12 + 0x00007f89783cbe07 <+7>: push %r13 + 0x00007f89783cbe09 <+9>: push %r14 + 0x00007f89783cbe0b <+11>: push %r15 + 0x00007f89783cbe0d <+13>: sub $0x520,%rsp + 0x00007f89783cbe14 <+20>: shl $0x4,%rdx + 0x00007f89783cbe18 <+24>: and $0xfffffffffffff800,%rsp + 0x00007f89783cbe1f <+31>: lea (%rsi,%rdx,8),%rdx + 0x00007f89783cbe23 <+35>: add $0x480,%rsp + 0x00007f89783cbe2a <+42>: mov %rdi,0x80(%rsp) + 0x00007f89783cbe32 <+50>: mov %rsi,0x88(%rsp) + 0x00007f89783cbe3a <+58>: mov %rdx,0x90(%rsp) + 0x00007f89783cbe42 <+66>: mov %rax,0x98(%rsp) +=> 0x00007f89783cbe4a <+74>: vzeroupper + 0x00007f89783cbe4d <+77>: sub $0xffffffffffffff80,%rsi + 0x00007f89783cbe51 <+81>: mov (%rdi),%rax + 0x00007f89783cbe54 <+84>: mov %rsi,%r12 + 0x00007f89783cbe57 <+87>: mov 0x8(%rdi),%rbx + 0x00007f89783cbe5b <+91>: cmp %rdx,%rsi + 0x00007f89783cbe5e <+94>: mov 0x10(%rdi),%rcx + 0x00007f89783cbe62 <+98>: cmove %rsp,%r12 + 0x00007f89783cbe66 <+102>: mov 0x18(%rdi),%rdx + 0x00007f89783cbe6a <+106>: mov 0x20(%rdi),%r8 + 0x00007f89783cbe6e <+110>: mov 0x28(%rdi),%r9 + 0x00007f89783cbe72 <+114>: mov 0x30(%rdi),%r10 + 0x00007f89783cbe76 <+118>: mov 0x38(%rdi),%r11 + 0x00007f89783cbe7a <+122>: jmp 0x7f89783cbe80 <sha512_block_data_order_avx2+128> + 0x00007f89783cbe7c <+124>: nopl 0x0(%rax) +``` diff --git a/results/classifier/deepseek-r1:32b/output/instruction/998 b/results/classifier/deepseek-r1:32b/output/instruction/998 new file mode 100644 index 000000000..b66ece524 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/instruction/998 @@ -0,0 +1,63 @@ + + + +AArch64: SCTLR_EL1.BT0 set incorrectly in user mode +Description of problem: +PACIASP normally acts as a BTI landing pad, but not in every situation. When SCTLR_EL1.BT is set, PACIASP checks that the indirect branch originates from X16 or X17 when the indirect branch is taken from a BTI guarded area. Linux sets this bit, ideally QEMU-user should too. This sample program should crash with a SIGILL if QEMU is working correctly, otherwise it will crash with a SIGSEGV. + + #include <stdint.h> + #include <stdlib.h> + #include <unistd.h> + #include <string.h> + #include <stdio.h> + #include <sys/mman.h> + + // PACIASP is a valid BTI landing pad, but there are some conditions + // under Linux which sets SCTLR_ELx.BT0 = 1. In this mode, a branch + // onto a PACIASP landing pad is only valid if it originates from + // x16 or x17 (i.e. br x17 is OK, br x3 is not). + // More info on page D5-4851 of the Arm Architecture Reference Manual (ARM DDI 0487H.a). + + // Sample function which starts with a paciasp instruction + // (comes from -mbranch-protection=pac-ret+leaf) + void indirect_fn(int i) { + // paciasp instruction inserted here - should crash with SIGILL here if everything's operating OK. + i = i+1; + // Can't access this function from the copied location, so will segfault. + fprintf(stderr, "reachable\n"); + } + + int main(int argc, char **argv) { + // It's difficult to get a whole binary BTI compatible without the appropriate crtbegin etc + // so instead map a page and copy the sample function there. + void *e = mmap(0, getpagesize(), PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (e == MAP_FAILED) { + return 1; + } + memcpy(e, (void*)indirect_fn, 64); + mprotect(e, getpagesize(), PROT_READ | PROT_EXEC | PROT_BTI); + + // paciasp is a valid landing pad if the branch comes from an unprotected area, + // so to ensure that we're protected - assemble an intermediate shim that's also PROT_BTI. + void *f = mmap(0, getpagesize(), PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + if (f == MAP_FAILED) { + return 1; + } + uint32_t *x = (uint32_t*)f; + x[0] = 0xd503245fuL; // bti c + x[1] = 0xd61f0060uL; // br x1 - n.b. must be BR + mprotect(f, getpagesize(), PROT_READ | PROT_EXEC | PROT_BTI); + + // Jump to the shim + asm volatile ( + "mov x3, %0\n" + "mov x2, %1\n" + "blr x2\n" + : : "p"(e), "p"(f) : "x2", "x3"); + + // Execution should not reach here + return 1; + } +Steps to reproduce: +1. Compile with `clang-12 -g --sysroot=/work/home/fedora-rootfs/fedora_aarch64 -o sample --target=aarch64-linux-gnu -mbranch-protection=pac-ret+leaf -march=armv8-a -O1 -g sample.c` or similar. +2. Run with `../qemu/build/qemu-aarch64 --cpu max -L ~/fedora-rootfs/fedora_aarch64 sample` diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1033 b/results/classifier/deepseek-r1:32b/output/manual-review/1033 new file mode 100644 index 000000000..6db76014b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1033 @@ -0,0 +1,30 @@ + + + +fakeroot under qemu fails with 'semop(1): encountered an error: Function not implemented' +Description of problem: +Appears to be the same issue as that discussed and reportedly fixed in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965109 + +Running raspberry pi os in a chroot (using schroot). Execution of fakeroot as part of dpkg-buildpackage results in: + +``` +dpkg-buildpackage: info: source package clementine +dpkg-buildpackage: info: source version 1.4.0rc1-836-g4665916ba~bullseye +dpkg-buildpackage: info: source distribution bullseye +dpkg-buildpackage: info: source changed by David Sansome <me@davidsansome.com> +dpkg-buildpackage: info: host architecture armhf + dpkg-source --before-build . + fakeroot debian/rules clean +semop(1): encountered an error: Function not implemented +dpkg-buildpackage: error: fakeroot debian/rules clean subprocess returned exit status 1 +``` + +This is the same error as reported in bug 965109, but I'm running the most recent version of qemu - I built it from the git repo, so it should include the fix for 965109. +Steps to reproduce: +1. Setup (s)chroot with arm architecture (although the architecture may not matter) +2. Run fakeroot in the chroot +3. Observe the failure related to the semop syscall +Additional information: +- Not sure what other information I can provide to be helpful. +- The command line listed above is what I gather from ps; it's how qemu-arm-static is called by schroot. I've not been able to figure out _how_ schroot calls qemu-arm-static, I only know it does. +- I compiled qemu from source using my own user id, and ran into an issue with make install, so I manually used install to deploy the executable to /usr/local/bin... And then had to symlink that to /usr/bin as schroot apparently hardcodes the location of qemu-arm-static (at least it did not pick up the version I'd placed in /usr/local/bin). diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1054831 b/results/classifier/deepseek-r1:32b/output/manual-review/1054831 new file mode 100644 index 000000000..96c71a31a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1054831 @@ -0,0 +1,20 @@ + + + +qemu-user-static for sparc32plus : bash: fork: Invalid argument + +On Debian x86-64 host system I setup a sparc chroot using: + +host $ mkdir sparc +host $ sudo debootstrap --arch=sparc --foreign wheezy sparc http://ftp.au.debian.org/debian +host $ sudo cp ~/Git/qemu/sparc32plus-linux-user/qemu-sparc32plus sparc/usr/bin/qemu-sparc32plus-static +host $ LANG=C sudo chroot sparc/ /usr/bin/qemu-sparc32plus-static /bin/bash + +When I then run the second stage of debootstrap I get: + +target $ /debootstrap/debootstrap --second-stage +bash: fork: Invalid argument + +The above procedures works perfectly for armhf. + +This is with current git HEAD (commit 93b6599734f81328ee3d608f57667742cafeea72). \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1066909 b/results/classifier/deepseek-r1:32b/output/manual-review/1066909 new file mode 100644 index 000000000..769b35996 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1066909 @@ -0,0 +1,10 @@ + + + +App-level clone emulation for microblaze is broken + +When CLONE_THREAD is used, the new process starts with the program counter pointing to the system call instruction, rather than the instruction immediately following it. This causes an infinite cascade (linear growth, not exponential) of thread creation, which quickly crashes when the threads start running and they're all using the same stack. + +I'm using qemu 1.1.2 packaged with Debian, but I'm not aware of any fixes since then that would address the problem. + +I can provide a test program if needed; a short C program using syscall() directly or an even-shorter asm program can demonstrate the issue without need for debugging around pthread library routines. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1075272 b/results/classifier/deepseek-r1:32b/output/manual-review/1075272 new file mode 100644 index 000000000..56fc7d509 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1075272 @@ -0,0 +1,16 @@ + + + +socket type mapping wrong for mips app-level emulation + +linux-user/syscall.c's do_socket function contains socket type remapping to work around the nonsensically-permuted MIPS socket types. However, it fails to account for the SOCK_NONBLOCK and SOCK_CLOEXEC flags that may be or'd onto the type. Thus, a call from the application such as: + +socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) + +will fail to have the type permutation performed, and will be passed to the system as: + +socket(AF_INET, SOCK_DGRAM, IPPROTO_TCP) + +resulting in EPROTONOSUPPORT. + +To fix this, the flag bits should be masked off of the type before the permutation. They also need remapping themselves (since MIPS uses different values for these flags bits). \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1075339 b/results/classifier/deepseek-r1:32b/output/manual-review/1075339 new file mode 100644 index 000000000..7cdd34fbc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1075339 @@ -0,0 +1,6 @@ + + + +linux-user emulation of setsockopt ignores optlen + +setsockopt always treats the argument as a 4-byte int. This breaks timeout options (for which it's an 8- or 16-byte timeval structure, depending on word size) and possibly other socket options. int is probably a safe default, but options whose values are other types need special-case conversion code. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/122 b/results/classifier/deepseek-r1:32b/output/manual-review/122 new file mode 100644 index 000000000..24cc126d6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/122 @@ -0,0 +1,4 @@ + + + +linux-user does not check PROT_EXEC diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/127 b/results/classifier/deepseek-r1:32b/output/manual-review/127 new file mode 100644 index 000000000..08e8ed49f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/127 @@ -0,0 +1,4 @@ + + + +linux-user missing cmsg IP_PKTINFO support ("Unsupported ancillary data: 0/8") diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1394 b/results/classifier/deepseek-r1:32b/output/manual-review/1394 new file mode 100644 index 000000000..96b55b038 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1394 @@ -0,0 +1,64 @@ + + + +Byte-swapping issue in getresuid on qemu-user-sparc64 +Description of problem: +When calling getresuid() in the big-endian sparc64 guest, the uid_t values are written with their 16-bit halves reversed. + +For example, the UID 0x000003e8 (1000) becomes 0x03e80000. +Steps to reproduce: +A minimal test case looks like this: +```c +#define _GNU_SOURCE +#include <stdio.h> +#include <sys/types.h> +#include <pwd.h> +#include <unistd.h> + +int main(int argc, char **argv) { + struct passwd *pw = getpwuid(geteuid()); + if (pw == NULL) { + perror("getpwuid failure"); + return 1; + } + printf("getpwuid()->pw_uid=0x%08x\n", pw->pw_uid); + + uid_t ruid = 0, euid = 0, suid = 0; + if (getresuid(&ruid, &euid, &suid) != 0) { + perror("getresuid failure"); + return 1; + } + printf("getresuid()->suid=0x%08x\n", suid); + + return 0; +} +``` + +Compile and run with: +``` +$ sparc64-linux-gnu-gcc -Wall -O0 -g -o sid-sparc64/test test.c +$ sudo chroot sid-sparc64 +[chroot] $ qemu-sparc64-static ./test +``` + +Alternatively, static compilation without a chroot is also possible (despite a warning about `getpwuid()`): +``` +$ sparc64-linux-gnu-gcc -static -Wall -O0 -g -o test test.c +$ qemu-sparc64-static ./test +``` + +Expected output: +``` +$ ./test +getpwuid()->pw_uid=0x000003e8 +getresuid()->suid=0x000003e8 +``` + +Actual output: +``` +$ ./test +getpwuid()->pw_uid=0x000003e8 +getresuid()->suid=0x03e80000 +``` +Additional information: +I'm not sure if this is a glibc, qemu or kernel issue, but it doesn't occur outside qemu. diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1416988 b/results/classifier/deepseek-r1:32b/output/manual-review/1416988 new file mode 100644 index 000000000..11c57f0ee --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1416988 @@ -0,0 +1,35 @@ + + + +Wrong signal handling in qemu-aarch64. + +Running GCC 5.0 testsuite under qemu-aarch64, I noticed that tests connected with stack unwinding fail with: + +qemu: uncaught target signal 11 (Segmentation fault) - core dumped + +or run into infinite loop. + +Here is one example: + +$ /home/max/build/gcc-aarch64/gcc/xgcc -B/home/max/build/gcc-aarch64/gcc/ /home/max/src/toolchain/gcc/gcc/testsuite/gcc.dg/cleanup-11.c -fexceptions -fnon-call-exceptions -O2 -lm -o ./cleanup-11.exe + +$ qemu-aarch64 -L /home/max/install/aarch64/aarch64-linux/sys-root/ -R 0 -/cleanup-11.exe +qemu: uncaught target signal 11 (Segmentation fault) - core dumped. + +Actually, this caused by ABI incompatibility between Linux Kernel (trunk) and qemu-aarch64. In fact, size of siginfo structure in Linux and target_siginfo structure in qemu-aarch64 differ: + +sizeof (struct target_siginfo) = 136 // QEMU +sizeof (struct siginfo) = 128 // Linux Kernel + + +This caused by wrong TARGET_SI_PAD_SIZE defined in linux-user/syscall_defs.h: + +#define TARGET_SI_PAD_SIZE ((TARGET_SI_MAX_SIZE/sizeof(int)) - 3) + +In Kernel respective value is: + +#define SI_PAD_SIZE ((SI_MAX_SIZE - __ARCH_SI_PREAMBLE_SIZE) / sizeof(int)) +............................................. +#define __ARCH_SI_PREAMBLE_SIZE (4 * sizeof(int)) // for Aarch64 + +Trivial fix, changing TARGET_SI_PAD_SIZE to right value, is attached. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1643619 b/results/classifier/deepseek-r1:32b/output/manual-review/1643619 new file mode 100644 index 000000000..459b87752 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1643619 @@ -0,0 +1,35 @@ + + + +netlink broken on big-endian mips + +Debian QEMU version 2.7.0, but the bug also appears in current git master (commit c36ed06e9159) + +As the summary says, netlink is completely broken on big-endian mips running qemu-user. + +Running 'ip route' from within a Debian chroot with QEMU simply hangs. Running amd64 strace on qemu-mips-static shows that it's waiting for a netlink response from the kernel which never comes. + +[...] +[pid 11249] socket(AF_NETLINK, SOCK_RAW|SOCK_CLOEXEC, NETLINK_ROUTE) = 3 +[pid 11249] setsockopt(3, SOL_SOCKET, SO_SNDBUF, [32768], 4) = 0 +[pid 11249] setsockopt(3, SOL_SOCKET, SO_RCVBUF, [1048576], 4) = 0 +[pid 11249] bind(3, {sa_family=AF_NETLINK, nl_pid=0, nl_groups=00000000}, 12) = 0 +[pid 11249] getsockname(3, {sa_family=AF_NETLINK, nl_pid=11249, nl_groups=00000000}, [12]) = 0 +[pid 11249] time([1479745823]) = 1479745823 +[pid 11249] sendto(3, {{len=671088640, type=0x1a00 /* NLMSG_??? */, flags=NLM_F_REQUEST|NLM_F_MULTI|0x100, seq=539046744, pid=0}, "\2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\10\0\35\0\0\0\1"}, 40, 0, NULL, 0) = 40 +[pid 11249] recvmsg(3, + +Notice the len in the buffer passed to the kernel is 0x28000000 which looks byteswapped. + +Removing the call to fd_trans_unregister in the NR_socket syscall in do_syscall fixes this for me, but I don't understand why the fd translation was immediately unregistered after being registered just before in do_socket - presumably it was added for a reason. + +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -9331,7 +9331,6 @@ abi_long do_syscall(void *cpu_env, int num, abi_long arg1, + #ifdef TARGET_NR_socket + case TARGET_NR_socket: + ret = do_socket(arg1, arg2, arg3); +- fd_trans_unregister(ret); + break; + #endif + #ifdef TARGET_NR_socketpair \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1673976 b/results/classifier/deepseek-r1:32b/output/manual-review/1673976 new file mode 100644 index 000000000..19e395365 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1673976 @@ -0,0 +1,14 @@ + + + +linux-user clone() can't handle glibc posix_spawn() (causes locale-gen to assert) + +I'm running a command command (locale-gen) inside of an armv7h chroot mounted on my x86_64 desktop by putting qemu-arm-static into /usr/bin/ of the chroot file system and I get a core dump. + +locale-gen +Generating locales... + en_US.UTF-8...localedef: ../sysdeps/unix/sysv/linux/spawni.c:360: __spawnix: Assertion `ec >= 0' failed. +qemu: uncaught target signal 6 (Aborted) - core dumped +/usr/bin/locale-gen: line 41: 34 Aborted (core dumped) localedef -i $input -c -f $charset -A /usr/share/locale/locale.alias $locale + +I've done this same thing successfully for years, but this breakage has appeared some time in the last 3 or so months. Possibly with the update to qemu version 2.8. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1701973 b/results/classifier/deepseek-r1:32b/output/manual-review/1701973 new file mode 100644 index 000000000..1b13a29b0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1701973 @@ -0,0 +1,20 @@ + + + +pread does not work right under qemu-sh4 + +The pread system call returns a wrong value in some case, in a program running under qemu-sh4 (version 2.9.0). + +How to reproduce: +- Compile the program: + sh4-linux-gnu-gcc-5 -O -Wall -static -o test-pread test-pread.c +- Set environment variable for using qemu-sh4 (actually not needed, since the program is statically linked here). +- ~/inst-qemu/2.9.0/bin/qemu-sh4 test-pread + +Expected output: +ret=1 errno=0 + +Actual output: +ret=0 errno=2 +test-pread.c:44: assertion 'ret == 1' failed +qemu: uncaught target signal 6 (Aborted) - core dumped \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1729 b/results/classifier/deepseek-r1:32b/output/manual-review/1729 new file mode 100644 index 000000000..fc8e0fa87 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1729 @@ -0,0 +1,50 @@ + + + +mremap fails with EFAULT if address range overlaps with stack guard +Description of problem: +When running 32-bit user-static on 64-bit host, `mremap` behave differently from the kernel. This difference let programs that call `pthread_getattr_np` on musl-libc to run into a loop on repeated calling `mremap`. + +https://git.musl-libc.org/cgit/musl/plain/src/thread/pthread_getattr_np.c + +``` c + while (mremap(p-l-PAGE_SIZE, PAGE_SIZE, 2*PAGE_SIZE, 0)==MAP_FAILED && errno==ENOMEM) + l += PAGE_SIZE; +``` +Steps to reproduce: +Compile the following program against musl-libc arm 32-bit, and run it in qemu-user-static on x86_64 host. + +``` c +#define _GNU_SOURCE +#include <pthread.h> + +int main(int argc, char *argv[]) { + pthread_attr_t attr; + return pthread_getattr_np(pthread_self(), &attr); +} +``` + +For example, on x86_64 fedora 38 with podman and qemu-user-static installed, we can reproduce this with alpine container: + +``` +$ podman run --rm -it --arch arm/v7 docker.io/library/alpine:latest + +/ # apk add alpine-sdk + +...... + +/ # cat test.c +#define _GNU_SOURCE +#include <pthread.h> + +int main(int argc, char *argv[]) { + pthread_attr_t attr; + return pthread_getattr_np(pthread_self(), &attr); +} + +/ # gcc test.c + +/ # ./a.out +``` +Additional information: +Original thread on musl mail list where this was initially reported: https://www.openwall.com/lists/musl/2017/06/15/9 diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1734792 b/results/classifier/deepseek-r1:32b/output/manual-review/1734792 new file mode 100644 index 000000000..2ec071756 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1734792 @@ -0,0 +1,10 @@ + + + +linux-user mode does not support memfd_create syscall + +qemu-x86_66 GIT HEAD fails on a userspace application that requires memfd_create with: + +"qemu: Unsupported syscall: 319". + +memfd_create support needs to be implemented in QEMU. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1760 b/results/classifier/deepseek-r1:32b/output/manual-review/1760 new file mode 100644 index 000000000..336c62075 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1760 @@ -0,0 +1,56 @@ + + + +qemu8-i386 gets wrong arguments for 32-bit old mmap syscall (_NR_mmap = 90) +Description of problem: +qemu8-i386 does not decode syscall arguments correctly for system call _NR_mmap = 90 on i386. +``` +$ strace ./oldmmap +execve("./oldmmap", ["./oldmmap"], 0x7fff46ba6d40 /* 61 vars */) = 0 +[ Process PID=405233 runs in 32 bit mode. ] +mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xf7fa7000 +exit(5) = ? ++++ exited with 5 +++ + +$ build/qemu-i386 -strace ./oldmmap +405254 mmap(0x40800058,0,PROT_NONE,0,0,0) = 0x3fffb000 +405254 exit(5) +``` +Steps to reproduce: +1. gcc -m32 -o oldmmap -nostartfiles -nostdlib oldmmap.S # build 32-bit executable +2. strace ./oldmmap # run under strace +3. build/qemu-i386 -strace ./oldmmap # run under "qemu-i386 -strace" +4. Notice that qemu-i386 did not report the same arguments to the _NR_map syscall as /usr/bin/strace did. +Additional information: +``` +$ cat oldmmap.S +MAP_FIXED= 0x10 +MAP_PRIVATE= 0x02 +MAP_ANONYMOUS= 0x20 + +PROT_READ= 1 +PROT_WRITE= 2 +PROT_EXEC= 4 + +_NR_exit = 1 +_NR_mmap = 90 // oldmmap: %ebx -> array of 6 arguments + + .globl _start +_start: + push $0 // offset + push $-1 // fd + push $MAP_PRIVATE|MAP_ANONYMOUS // flags + push $PROT_READ|PROT_WRITE // protection + push $2<<12 // length + push $0 // addr (kernel chooses) + mov %esp,%ebx + mov $_NR_mmap,%eax + int $0x80 + nop + + mov $5,%ebx + mov $_NR_exit,%eax + int $0x80 + hlt +$ +``` diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1761153 b/results/classifier/deepseek-r1:32b/output/manual-review/1761153 new file mode 100644 index 000000000..7ca0da995 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1761153 @@ -0,0 +1,26 @@ + + + +qemu-user incorrect mmap for large files on 64bits host and 32bits executable. + +qemu-user seems to incorrectly mmap a file if the offset is > 4GiB and guest binary is 32 bits elf. + +See attached test program `test_mmap.c`. + +``` +$ gcc -g -m32 -march=i386 test_mmap.c -o test_mmap +$ file test_mmap +test_mmap: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=e36db05f4dfd8a9cfde8a969214a242c1f5a4b49, with debug_info, not stripped +$ uname -a +Linux localhost.localdomain 4.15.10-300.fc27.x86_64 #1 SMP Thu Mar 15 17:13:04 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux +$ qemu-i386 --version +qemu-i386 version 2.10.1(qemu-2.10.1-2.fc27) +Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers +$ ./test_mmap +$ qemu-i386 test_mmap +Incorrect data 1 +``` + +Tested with qemu-i386 packaged in Fedora 27 and qemu-i386 compiled from git master (094b62cd9c) + +The issue was firstly detected on (more complex program) using qemu-arm (with 32bits binary) so it is probably a 32/64bits problem independently of the cpu family. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1783362 b/results/classifier/deepseek-r1:32b/output/manual-review/1783362 new file mode 100644 index 000000000..021feb3f1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1783362 @@ -0,0 +1,50 @@ + + + +qemu-user: mmap should return failure (MAP_FAILED, -1) instead of success (NULL, 0) when len==0 + +As shown in https://github.com/beehive-lab/mambo/issues/19#issuecomment-407420602, with len==0 mmap returns success (NULL, 0) instead of failure (MAP_FAILED, -1) in a x86_64 host executing a ELF 64-bit LSB executable, ARM aarch64 binary. + +Steps to reproduce the bug: + +- (cross-)compile the attached source file: + +$ aarch64-linux-gnu-gcc -static -std=gnu99 -lpthread test/mmap_qemu.c -o mmap_qemu + +- Execute in a x86_64 host with qemu-user and qemu-user-binfmt: + +$ ./mmap_qemu +alloc: 0 +MAP_FAILED: -1 +errno: 0 +mmap_qemu: test/mmap_qemu.c:15: main: Assertion `alloc == MAP_FAILED' failed. +qemu: uncaught target signal 6 (Aborted) - core dumped +Aborted (core dumped) + +- Execute in a ARM host without any additional dependecy: + +$ ./mmap_qemu +alloc: -1 +MAP_FAILED: -1 +errno: 22 + +The bug is present in Fedora: + +$ qemu-aarch64 --version +qemu-aarch64 version 2.11.2(qemu-2.11.2-1.fc28) +Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers +$ uname -r +4.17.7-200.fc28.x86_64 + +And also in Ubuntu: + +$ qemu-aarch64 --version +qemu-aarch64 version 2.12.0 (Debian 1:2.12+dfsg-3ubuntu3) +Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers +$ uname -r +4.15.0-23-generic + +Possibly related to: + +- https://lists.freebsd.org/pipermail/freebsd-hackers/2009-July/029109.html +- https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203852 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1805913 b/results/classifier/deepseek-r1:32b/output/manual-review/1805913 new file mode 100644 index 000000000..fbb73f826 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1805913 @@ -0,0 +1,24 @@ + + + +readdir() returns NULL (errno=EOVERFLOW) for 32-bit user-static qemu on 64-bit host + +This can be simply reproduced by compiling and running the attached C code (readdir-bug.c) under 32-bit user-static qemu, such as qemu-arm-static: + +# Setup docker for user-static binfmt +docker run --rm --privileged multiarch/qemu-user-static:register --reset +# Compile the code and run (readdir for / is fine, so create a new directory /test). +docker run -v /path/to/qemu-arm-static:/usr/bin/qemu-arm-static -v /path/to/readdir-bug.c:/tmp/readdir-bug.c -it --rm arm32v7/ubuntu:18.10 bash -c '{ apt update && apt install -y gcc; } >&/dev/null && mkdir -p /test && cd /test && gcc /tmp/readdir-bug.c && ./a.out' +dir=0xff5b4150 +readdir(dir)=(nil) +errno=75: Value too large for defined data type + +Do remember to replace the /path/to/qemu-arm-static and /path/to/readdir-bug.c to the actual paths of the files. + +The root cause is in glibc: https://sourceware.org/git/?p=glibc.git;a=blob;f=sysdeps/unix/sysv/linux/getdents.c;h=6d09a5be7057e2792be9150d3a2c7b293cf6fc34;hb=a5275ba5378c9256d18e582572b4315e8edfcbfb#l87 + +By C standard, the return type of readdir() is DIR*, in which the inode number and offset are 32-bit integers, therefore, glibc calls getdents64() and check if the inode number and offset fits the 32-bit range, and reports EOVERFLOW if not. + +The problem here is for 32-bit user-static qemu running on 64-bit host, getdents64 simply passing through the inode number and offset from underlying getdents64 syscall (from 64-bit kernel), which is very likely to not fit into 32-bit range. On real hardware, the 32-bit kernel creates 32-bit inode numbers, therefore works properly. + +The glibc code makes sense to do the check to be conformant with C standard, therefore ideally it should be a fix on qemu side. I admit this is difficult because qemu has to maintain a mapping between underlying 64-bit inode numbers and 32-bit inode numbers, which would severely hurt the performance. I don't expect this could be fix anytime soon (or even there would be a fix), but it would be worthwhile to surface this issue. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1810433 b/results/classifier/deepseek-r1:32b/output/manual-review/1810433 new file mode 100644 index 000000000..d91c43bdf --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1810433 @@ -0,0 +1,50 @@ + + + +aarch64-linux-user master: inconsistent pwrite behaviour + +Hello, + +I am running aarch64-linux-user from master, commit 20d6c7312f1b812bb9c750f4087f69ac8485cc90 + +And I've found the following inconsistent emulation of pwrite() call when buf==NULL and len=0. +Minimal reproducible sample is the following: + +#define _GNU_SOURCE +#include <stdlib.h> +#include <stdio.h> +#include <unistd.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <fcntl.h> +#include <string.h> + +/* + System | Result +-------------------------+---------------- + Native x86_64 4.12.14 | pwrite ret = 0 + Native aarch64 4.4.159 | pwrite ret = 0 + qemu-aarch64 at x86_64 | pwrite ret = -1 + ( 20d6c7312f1b8 ) | +*/ + +int main(int argc, char** argv) { + int fd = open("test.dat", O_CREAT | O_RDWR, 0644); + if (fd < 0) { + perror("open"); + return 1; + } + + int ret = fallocate(fd, 0, 0, 1000); + if (ret < 0) { + perror("fallocate"); + return 1; + } + + ssize_t ret_pwrite = pwrite(fd, NULL, 0, 0); + printf("pwrite ret = %ld\n", ret_pwrite); + + close(fd); + + return 0; +} \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1837 b/results/classifier/deepseek-r1:32b/output/manual-review/1837 new file mode 100644 index 000000000..7cda11ff7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1837 @@ -0,0 +1,38 @@ + + + +Support IP_MULTICAST_IF socket option in linux-user +Additional information: +I've run into this limitation in qemu-aarch64-static version Debian 1:6.2+dfsg-2ubuntu6.12, but from the link above, it doesn't seem to be implemented on master yet. + +Here's some source code that demonstrates the failure: +``` +#include <sys/socket.h> +#include <arpa/inet.h> +#include <netinet/ip.h> +#include <unistd.h> +#include <assert.h> +#include <stdio.h> + +int main() +{ + int fd, ret; + struct in_addr addr = {htonl(INADDR_LOOPBACK)}; + + fd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP); + assert(fd >= 0); + ret = setsockopt(fd, IPPROTO_IP, IP_MULTICAST_IF, &addr, sizeof(addr)); + if (ret < 0) + { + perror("setsockopt failed"); + return 1; + } + close(fd); + printf("Success!\n"); + return 0; +} +``` + +When run under qemu, it gives the error `setsockopt failed: Protocol not available`. + +It doesn't look like it should be too hard to support (certainly no worse than IP_ADD_MEMBERSHIP). Let me know if I can help with a patch. diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1869073 b/results/classifier/deepseek-r1:32b/output/manual-review/1869073 new file mode 100644 index 000000000..37f73332e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1869073 @@ -0,0 +1,10 @@ + + + +qemu-arm-static crashes "segmentation fault" when running "git clone -s" + +I want to use qemu-arm-static to cross-compile software. The compiler itself is a native cross-compiler connected via "distcc". + +The problem is that a script tries to do some stuff with "git" and with a "git clone -s" command the whole story reproducibly stops with a "segmentation fault". + +I don't know how to properly debug the issue but it happens 100% of the time that I get the "crash" or git just hangs forever with 100% CPU usage. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1869241 b/results/classifier/deepseek-r1:32b/output/manual-review/1869241 new file mode 100644 index 000000000..6b7faaa9b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1869241 @@ -0,0 +1,22 @@ + + + +svn checkout fails with E000075 "Value too large for defined data type" + +I try to autobuild for ARM7 with qemu-arm-static. Part of this is downloading source via SVN. + +Whenever I try to download a SVN repository I get the following output: + + svn: E000075: Can't read directory '...': Value too large for defined data type + +qemu-arm-static version is 4.2.0 + +I've also tried older versions without change. + +Platform I try to emulate is armv7h (Arch Linux ARM for Raspberry Pi 2) + +Host system is AMD64 + +This can be reproduced 100% of the time. Here I have the issue happening on Travis CI: + +https://travis-ci.com/github/VDR4Arch/vdr4arch/jobs/304839747#L7228 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1910605 b/results/classifier/deepseek-r1:32b/output/manual-review/1910605 new file mode 100644 index 000000000..1b4342cfe --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1910605 @@ -0,0 +1,19 @@ + + + +qemu-arm-static ioctl USBDEVFS_BULK return -1 (EFAULT) Bad address + + + +Snippet of code sample: + +struct usbdevfs_bulktransfer Bulk; +Bulk.ep = hUsb->UsbOut; +Bulk.len = Len; +Bulk.data = (void *)pData; +Bulk.timeout = Timeout; +Bytes = ioctl(hUsb->fd, USBDEVFS_BULK, &Bulk) + +The above code sample return -1 (EFAULT) Bad address when using qemu-arm-static but is running ok when on qemu-aarch64-static. + +I use a 64-bit intel laptop \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/1926521 b/results/classifier/deepseek-r1:32b/output/manual-review/1926521 new file mode 100644 index 000000000..84aee5b60 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/1926521 @@ -0,0 +1,65 @@ + + + +QEMU-user ignores MADV_DONTNEED + +There is comment int the code "This is a hint, so ignoring and returning success is ok" +https://github.com/qemu/qemu/blob/b1cffefa1b163bce9aebc3416f562c1d3886eeaa/linux-user/syscall.c#L11941 + +But it seems incorrect with the current state of Linux + +"man madvise" or https://man7.org/linux/man-pages/man2/madvise.2.html +says the following: +>> These advice values do not influence the semantics +>> of the application (except in the case of MADV_DONTNEED) + +>> After a successful MADV_DONTNEED operation, the semantics +>> of memory access in the specified region are changed: +>> subsequent accesses of pages in the range will succeed, +>> but will result in either repopulating the memory contents +>> from the up-to-date contents of the underlying mapped file +>> (for shared file mappings, shared anonymous mappings, and +>> shmem-based techniques such as System V shared memory +>> segments) or zero-fill-on-demand pages for anonymous +>> private mappings. + +Some applications use this behavior clear memory and it +would be nice to be able to run them on QEMU without +workarounds. + +Reproducer on "Debian 5.10.24 x86_64 GNU/Linux" as a host. + + +``` +#include "assert.h" +#include "stdio.h" +#include <sys/mman.h> +#include <errno.h> + +int main() { + char *P = (char *)mmap(0, 4096, PROT_READ | PROT_WRITE, + MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); + assert(P); + *P = 'A'; + while (madvise(P, 4096, MADV_DONTNEED) == -1 && errno == EAGAIN) { + } + assert(*P == 0); + + printf("OK\n"); +} + +/* +gcc /tmp/madvice.c -o /tmp/madvice + +qemu-x86_64 /tmp/madvice +madvice: /tmp/madvice.c:13: main: Assertion `*P == 0' failed. +qemu: uncaught target signal 6 (Aborted) - core dumped +Aborted + +/tmp/madvice +OK + + +*/ + +``` \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/2101 b/results/classifier/deepseek-r1:32b/output/manual-review/2101 new file mode 100644 index 000000000..eefe48057 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/2101 @@ -0,0 +1,20 @@ + + + +[qemu-user/qemu-x86_64] run x86_64 'ls /' on aarch64 platform get wrong result +Description of problem: +``` + qemu-x86_64 -L /tmp/ls-x86_64/root-x86_64-ls /tmp/ls-x86_64/root-x86_64-ls/bin/ls -l / + ``` +get wrong result +Steps to reproduce: +1. copy /usr/bin/ls and the so library files it depends on from x86_64 platform to aarch64 platform +2. qemu-x86_64 -L /path/to/x86_64/lib/root/dir /path/to/ls / -l +Additional information: +Actual test script: +``` +# host +curl -Ls https://github.com/tcler/kiss-vm-ns/raw/master/utils/archive-ld-program.sh | sudo bash /dev/stdin ls +scp ls.x86_64.ash root@jiyin-fedora-39_aarch64: +ssh root@jiyin-fedora-39_aarch64 ./ls.x86_64.ash -l / +``` diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/2122 b/results/classifier/deepseek-r1:32b/output/manual-review/2122 new file mode 100644 index 000000000..859d184f7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/2122 @@ -0,0 +1,10 @@ + + + +qemu-user-static segfault running ldconfig on host x86_64 with client arm64 +Description of problem: +qemu segfault +Steps to reproduce: +1. download ubuntu jammy arm64 rootfs (I assume any will do) +2. mount it (with /proc from host so apt is happy) +3. execute an apt uninstall that triggers libc-bin processing diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/2248 b/results/classifier/deepseek-r1:32b/output/manual-review/2248 new file mode 100644 index 000000000..9a2f29fd8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/2248 @@ -0,0 +1,39 @@ + + + +qemu-aarch64: wrong execution result when executing the code +Description of problem: +The following aarch64 code results in the wrong execution result `4611686018427387903`, which is `0x3fffffffffffffff`. (The correct result is `-1`) The bug seems to be introduced in between v8.1.5 and v8.2.1 since the results are correct in v8.1.5. + +```c +// foo.c +#include <stdio.h> +#include <stdint.h> + +int64_t callme(size_t _1, size_t _2, int64_t a, int64_t b, int64_t c); + +int main() { + int64_t ret = callme(0, 0, 0, 1, 2); + printf("%ld\n", ret); + return 0; +} +``` + +```s +// foo.S +.global callme +callme: + cmp x2, x3 + cset x12, lt + and w11, w12, #0xff + cmp w11, #0x0 + csetm x14, ne + lsr x13, x14, x4 + sxtb x0, w13 + ret +``` +Steps to reproduce: +1. Build the code with `aarch64-linux-gnu-gcc foo.c foo.S -o foo` (`aarch64-linux-gnu-gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0`) +2. Run the code with `qemu-aarch64 -L /usr/aarch64-linux-gnu -E LD_LIBRARY_PATH=/usr/aarch64-linux-gnu/lib foo` and see the result +Additional information: +- Original discussion is held in [this wasmtime issue](https://github.com/bytecodealliance/wasmtime/issues/8233). Thanks to Alex Crichton for clarifying this bug. diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/2262 b/results/classifier/deepseek-r1:32b/output/manual-review/2262 new file mode 100644 index 000000000..31e8cc135 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/2262 @@ -0,0 +1,202 @@ + + + +linux-user riscv32: wait4/waitpid returns wrong value +Description of problem: +Background job started by bash shell in riscv32 chroot environment under qemu linux-user emulation hangs indefinitely. + +strace shows repeated waitid flood `waitid(P_ALL, -1, {}, WNOHANG|WEXITED|WSTOPPED|WCONTINUED, NULL) = 0`. +Steps to reproduce: +1. cross compile a riscv32 environment with crossdev on gentoo or other way and chroot into it. +2. run `sleep 1000 &` +3. run `ls` +4. infinite hangs + +I have a small reproducer that I think may uncover the issue, but I am not 100% sure. I also tried running qemu with sanitizers enabled, but it produces no warning. Happy to provide a tar bar of my riscv32 rootfs if needed. + +<details><summary>simple_shell.c</summary> + +``` +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> +#include <string.h> +#include <sys/wait.h> +#include <signal.h> + +#define MAX_LINE 80 /* The maximum length command */ + +#define BACKGROUND 0 +#define FOREGROUND 1 + +struct Job { + pid_t pid; + char command[MAX_LINE]; + int state; // 0 for background, 1 for foreground +}; + +struct Job jobs[10]; // Maximum 10 background jobs +int num_jobs = 0; + +void handle_signal(int signum) { + // Do nothing for now +} + +int launch_process(char **args, int state) { + pid_t pid; + int status; + + pid = fork(); + if (pid == 0) { + // Child process + if (execvp(args[0], args) == -1) { + perror("Error in execvp"); + exit(EXIT_FAILURE); + } + } else if (pid < 0) { + // Error forking + perror("Error forking"); + } else { + // Parent process + if (state == FOREGROUND) { + // Wait for the child process to finish if it's foreground + do { + wait4(pid, &status, WUNTRACED, NULL); + } while (!WIFEXITED(status) && !WIFSIGNALED(status)); + } else { + // Background process, add to jobs list + jobs[num_jobs].pid = pid; + strcpy(jobs[num_jobs].command, args[0]); + jobs[num_jobs].state = BACKGROUND; + num_jobs++; + } + } + return 1; +} + +void bg_command(int job_number) { + // Send SIGCONT signal to a background job + if (kill(jobs[job_number].pid, SIGCONT) == -1) { + perror("kill"); + } else { + jobs[job_number].state = BACKGROUND; + } +} + +void fg_command(int job_number) { + // Bring a background job to foreground + if (kill(jobs[job_number].pid, SIGCONT) == -1) { + perror("kill"); + } else { + jobs[job_number].state = FOREGROUND; + int status; + wait4(jobs[job_number].pid, &status, WUNTRACED, NULL); + } +} + +int main(void) { + char *args[MAX_LINE/2 + 1]; /* command line arguments */ + int should_run = 1; /* flag to determine when to exit program */ + char command[MAX_LINE]; /* buffer to hold the command */ + char *token; /* token for parsing the command */ + + signal(SIGINT, handle_signal); /* Ignore SIGINT for now */ + signal(SIGTSTP, handle_signal); /* Ignore SIGTSTP for now */ + + while (should_run) { + printf("Shell> "); + fflush(stdout); + fgets(command, MAX_LINE, stdin); /* read command from stdin */ + command[strcspn(command, "\n")] = '\0'; /* remove newline character */ + + if (strcmp(command, "exit") == 0) { + should_run = 0; /* exit the shell */ + continue; + } + + if (strcmp(command, "") == 0) { + continue; /* skip empty commands */ + } + + if (strcmp(command, "cd") == 0) { + char *home = getenv("HOME"); + chdir(home); + continue; + } + + if (strcmp(command, "bg") == 0) { + // Run the most recent background job in the background + bg_command(num_jobs - 1); + continue; + } + + if (strcmp(command, "fg") == 0) { + // Bring the most recent background job to foreground + fg_command(num_jobs - 1); + continue; + } + + token = strtok(command, " "); + int i = 0; + while (token != NULL) { + args[i] = token; + token = strtok(NULL, " "); + i++; + } + args[i] = NULL; + + if (strcmp(args[i-1], "&") == 0) { + args[i-1] = NULL; + launch_process(args, BACKGROUND); + } else { + launch_process(args, FOREGROUND); + } + + pid_t tmp; + // Check if any background jobs have finished + for (int j = 0; j < num_jobs; j++) { + if ((tmp = wait4(jobs[j].pid, NULL, WNOHANG, NULL)) > 0) { + printf("[%d] Done\t%s\n", j, jobs[j].command); + // Remove job from list + for (int k = j; k < num_jobs - 1; k++) { + jobs[k] = jobs[k + 1]; + } + num_jobs--; + } + printf("wait4 ret: %d\n", tmp); + } + } + return 0; +} +``` + +</details> + +<details><summary>loop.c</summary> +int main() {while(1){}} +</details> + +1. compile simple_shell.c, statically for simplicity. `riscv32-unknown-gnu-gcc simple_shell.c --static -o shell_riscv32` +2. compile loop.c to riscv32 or x86_64 (x86_64 is simpler with same result) `gcc loop.c --static -o loop` +3. run shell with qemu user +``` +qemu-user-riscv32 ./shell_riscv32 +shell> ./loop & +[0] Done ./sleep_riscv32 +wait4 ret: 98298 +``` +where it is supposed to return 0 on riscv64 or x86 +Additional information: +More context: +This was found on the side when I was trying to track down a riscv32 infinite loop issue with linux-user emulation that has been blocking riscv32 gentoo bootstrap. I am not certain if my reproducer does reproduced that issue, but feels it is close. strace attached to the process repeats, +``` +waitid(P_ALL, -1, {}, WNOHANG|WEXITED, NULL) = 0 +rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], NULL, 8) = 0 +rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], NULL, 8) = 0 +rt_sigprocmask(SIG_SETMASK, [CHLD], NULL, 8) = 0 +rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], NULL, 8) = 0 +rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], NULL, 8) = 0 +rt_sigprocmask(SIG_SETMASK, [CHLD], NULL, 8) = 0 +waitid(P_ALL, -1, ^Cstrace: Process 237805 detached +``` +It appears to be first mentioned here <https://lists.gnu.org/archive/html/qemu-devel/2021-01/msg05475.html>. diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/2333 b/results/classifier/deepseek-r1:32b/output/manual-review/2333 new file mode 100644 index 000000000..103adf3c7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/2333 @@ -0,0 +1,48 @@ + + + +VDSO on armeb seems broken +Description of problem: +I'm seeing the VDSO method for `__clock_gettime64()` crashing under `qemu-armeb` (stack trace under Additional information, below). + +I rebuilt glibc with VDSO globally kludged off, and all was well. +Steps to reproduce: +``` +#include <time.h> +#include <stdlib.h> +#include <stdio.h> + +int main(int argc, char **argv) { + time_t ts; + printf("%ld\n", time(&ts)); + exit(0); +} +``` + +Results, first with VDSO active via a system snapshot, second with the patched glibc: +``` +$ armeb-linux-gnueabihf-gcc -o /tmp/time /tmp/time.c +$ qemu-armeb -L /.mirrorsnaps/.rootsnap.prev/usr/armeb-linux-gnueabihf /tmp/time +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault +$ qemu-armeb -L /usr/armeb-linux-gnueabihf /tmp/time +1715123280 +``` +Additional information: +``` +Program received signal SIGSEGV, Segmentation fault. +0x4082b462 in ?? () +(gdb) bt +#0 0x4082b462 in ?? () +#1 0x40bf64a4 in __GI___clock_gettime64 (clock_id=clock_id@entry=5, tp=tp@entry=0x407fe9c0) + at ../sysdeps/unix/sysv/linux/clock_gettime.c:42 +#2 0x40be9f58 in __GI___time64 (timer=0x0) at ../sysdeps/unix/sysv/linux/time.c:60 +#3 __time (timer=0x407fea04) at ../sysdeps/unix/sysv/linux/time.c:73 +``` + +`clock_gettime.c:42` is +``` + r = INTERNAL_VSYSCALL_CALL (vdso_time64, 2, clock_id, tp); +``` + +Interestingly, the problem doesn't occur on qemu-arm (little endian), all else equal. diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/2410 b/results/classifier/deepseek-r1:32b/output/manual-review/2410 new file mode 100644 index 000000000..ec48cb93e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/2410 @@ -0,0 +1,95 @@ + + + +linux-user: `Setsockopt` with IP_OPTIONS returns "Protocol not available" error +Description of problem: +It seems that call to `setsockopt(sd, SOL_IP, IP_OPTIONS,_)` behaves differently on RISC-V Qemu than on x64 Linux. +On Linux syscall returns 0, but on Qemu it fails with `Protocol not available`. +According [man](https://man7.org/linux/man-pages/man7/ip.7.html) `IP_OPTIONS` on `SOCK_STREAM` socket "should work". +Steps to reproduce: +1. Use below toy program `setsockopt.c` and compile it without optimizations like: +``` + gcc -Wall -W -Wextra -std=gnu17 -pedantic setsockopt.c -o setsockopt +``` + +``` +#include <sys/types.h> +#include <sys/socket.h> +#include <arpa/inet.h> +#include <netinet/in.h> +#include <unistd.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> + +int main() { + { + int sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if(sd < 0) { + perror("Opening stream socket error"); + exit(1); + } + else + printf("Opening stream socket....OK.\n"); + + struct sockaddr_in local_address = {AF_INET, htons(1234), {inet_addr("255.255.255.255")}, {0}}; + int err = connect(sd, (struct sockaddr*)&local_address, (socklen_t)16); + + if (err < 0) { + perror("Connect error"); + close(sd); + } + else + printf("Connect...OK.\n"); + } + { + int sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP); + if(sd < 0) { + perror("Opening stream socket error"); + exit(1); + } + else + printf("Opening stream socket....OK.\n"); + + char option[4] = {0}; + if(setsockopt(sd, SOL_IP, IP_OPTIONS, (char *)option, sizeof(option)) < 0) { + perror("setsockopt error"); + close(sd); + exit(1); + } + else + printf("setsockopt...OK.\n"); + + struct sockaddr_in local_address = {AF_INET, htons(1234), {inet_addr("255.255.255.255")}, {0}}; + int err = connect(sd, (struct sockaddr*)&local_address, (socklen_t)16); + + if (err < 0) { + perror("Connect error"); + close(sd); + } + else + printf("Connect...OK.\n"); + } + return 0; +} +``` + + +2. Run program on Qemu and compare output with output from x64 build. In my case it looks like: +``` +root@AMDC4705:~/runtime/connect$ ./setsockopt-x64 +Opening stream socket....OK. +Connect error: Network is unreachable +Opening stream socket....OK. +setsockopt...OK. +Connect error: Network is unreachable + +root@AMDC4705:/runtime/connect# ./setsockopt-riscv +Opening stream socket....OK. +Connect error: Network is unreachable +Opening stream socket....OK. +setsockopt error: Protocol not available +``` +Additional information: +In above demo option `value` is quite artificial. However I tried passing many different `option` arguments (with same `SOL_IP` + `IP_OPTIONS` combination) but always ended up with `setsockopt` failure. +From the other hand on x64 it worked fine. Then I realized that appropriate path in Qemu was unimplemented: https://github.com/qemu/qemu/blob/master/linux-user/syscall.c#L2141 diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/2446 b/results/classifier/deepseek-r1:32b/output/manual-review/2446 new file mode 100644 index 000000000..13ff21166 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/2446 @@ -0,0 +1,63 @@ + + + +linux-user: Qemu doesn't support `set_robust_list` used by glibc robust mutex implementation +Description of problem: +It seems that syscall set_robust_list is not implemented on Qemu for any Linux platform: [link]( https://github.com/qemu/qemu/blob/master/linux-user/syscall.c#L12811) +Steps to reproduce: +1. Use below toy program `set_robust_list.c` and compile it without optimizations like: +``` + gcc -Wall -W -Wextra -std=gnu17 -pedantic set_robust_list.c -o set_robust_list +``` + +``` +#include <stdio.h> +#include <stdlib.h> +#include <errno.h> +#include <sys/syscall.h> +#include <sys/types.h> +#include <unistd.h> +#include <linux/futex.h> +#include <syscall.h> + +int main(void) +{ +#ifdef __NR_set_robust_list + struct robust_list_head head; + size_t len = sizeof(struct robust_list_head); + + // This call to set_robust_list function should fail + int err = syscall(__NR_set_robust_list, &head, -1); + if (err < 0) + perror("1st set_robust_list error"); + else + puts("1st set_robust_list OK"); + + // This call to set_robust_list function should be sucessful + err = syscall(__NR_set_robust_list, &head, len); + if (err < 0) + perror("2nd set_robust_list error"); + else + puts("2nd set_robust_list OK"); +#else + puts("No set_robust_list support"); +#endif + exit(0); +} +``` + +2. Run program on Qemu and compare output with output from x64 build. In my case it looks like: +``` +root@AMDC4705:/runtime/set_robust_list# ./set_robust_list +1st set_robust_list error: Invalid argument +2nd set_robust_list OK +root@AMDC4705:/runtime/set_robust_list# ./set_robust_list-riscv +1st set_robust_list error: Function not implemented +2nd set_robust_list error: Function not implemented +``` +Additional information: +Working `set_robust_list` on Linux is quite important in context of named robust mutexes. In NPTL `set_robust_list` is used internally at ld.so initialization time to perform following check: [link](https://github.com/bminor/glibc/blob/master/sysdeps/nptl/dl-tls_init_tp.c#L96) + +When syscall fails, later `pthread_mutex_init` (with `PTHREAD_MUTEX_ROBUST` + `PTHREAD_PROCESS_SHARED` attributes) end up with `ENOTSUP` error [link](https://github.com/bminor/glibc/blob/master/nptl/pthread_mutex_init.c#L99). + +In dotnet we use robust mutexes for process synchronization purpose. Although there are other available techniques like named semaphores or file locks, robust mutexes are better locking option in case of unexpected process death. diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/2553 b/results/classifier/deepseek-r1:32b/output/manual-review/2553 new file mode 100644 index 000000000..f6a16c6da --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/2553 @@ -0,0 +1,85 @@ + + + +Joining IP multicast fails when emulating 64-bit Linux +Description of problem: +I have some code that joins IP multicast groups and I'd like to use QEMU to test it on big-endian and/or 32-bit platforms. But when I compile it for 64-bit big-endian platforms (e.g. PowerPC64) and run it under QEMU user-mode emulation, the setsockopt(IP_ADD_MEMBERSHIP) call fails with ENODEV. + +This appears to refer to the imr_ifindex ("interface index") field in struct ip_mreqn not being valid, which in turn appears to be because it's not being correctly marshalled from the binary under emulation, to the host's *actual* setsockopt system call. + +I *think* this may be because linux-user/syscall_defs.h (https://github.com/qemu/qemu/blob/master/linux-user/syscall_defs.h) contains the following at line 210: + +``` +struct target_ip_mreqn { + struct target_in_addr imr_multiaddr; + struct target_in_addr imr_address; + abi_long imr_ifindex; +}; +``` + +but the actual Linux ip_mreqn has imr_ifindex as an int (32-bit everywhere) not a long (64-bit on PPC64); the size of this structure is 12 on all Linux platforms. + +I opted to submit an issue instead of just patching it, in case there was some wider context I hadn't seen? +Steps to reproduce: +1. take the following C program (distilled from a larger program): + +``` +#include <sys/types.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <stdio.h> +#include <stdlib.h> + +int main(int argc, char *argv[]) +{ + int fd = socket(AF_INET, SOCK_DGRAM, 0); + if (fd < 0) { + perror("socket"); + return 1; + } + + struct ip_mreqn mreq; + mreq.imr_multiaddr.s_addr = inet_addr("239.255.255.250"); + mreq.imr_address.s_addr = htonl(INADDR_ANY); + mreq.imr_ifindex = 1; + int size = sizeof(mreq); + printf("size=%u\n", size); + if (setsockopt(fd, IPPROTO_IP, IP_ADD_MEMBERSHIP, + (char*) &mreq, sizeof(mreq)) < 0) { + perror("setsockopt"); + return 1; + } + printf("OK\n"); + return 0; +} +``` + +2. confirm it works compiled native on amd64/x86_64: + +``` +[peter@amd64 misc]$ gcc mcast.c -o mcast +[peter@amd64 misc]$ ./mcast +size=12 +OK +``` + +3. watch it *not* work emulated: + +``` +[peter@amd64 misc]$ powerpc64-linux-gnu-gcc mcast.c -o mcast.ppc64 +[peter@amd64 misc]$ QEMU_LD_PREFIX=/usr/powerpc64-linux-gnu qemu-ppc64 ./mcast.ppc64 +size=12 +setsockopt: No such device +``` +Additional information: +If the target_ip_mreqn issue is real, the following code in syscall.c helped conceal it: + + if (optlen < sizeof (struct target_ip_mreq) || + optlen > sizeof (struct target_ip_mreqn)) { + return -TARGET_EINVAL; + } + +Should this instead be testing for size equal to target_ip_mreq or equal to target_ip_mreqn, not anywhere in between? in this case target_ip_mreq is 8 bytes, target_ip_mreqn is 16 bytes, but optlen is 12. The end result is that QEMU passes 4 bytes of uninitialised stack memory as imr_ifindex! + +The actual kernel behaviour appears to be: smaller than ip_mreq, EINVAL; between ip_mreq and ip_mreqn, silently treat as ip_mreq; larger or equal to ip_mreqn, silently treat as ip_mreqn. see https://github.com/torvalds/linux/blob/b31c4492884252a8360f312a0ac2049349ddf603/net/ipv4/ip_sockglue.c#L1234 diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/570 b/results/classifier/deepseek-r1:32b/output/manual-review/570 new file mode 100644 index 000000000..325d5ea7a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/570 @@ -0,0 +1,4 @@ + + + +linux-user/sh4/termbits.h:276: warning: "TIOCSER_TEMT" redefined diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/602 b/results/classifier/deepseek-r1:32b/output/manual-review/602 new file mode 100644 index 000000000..05132daf5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/602 @@ -0,0 +1,16 @@ + + + +Failure to translate host to target errno in IP_RECVERR, IPV6_RECVERR emulation +Description of problem: +In translated IP_RECVERR (and IPV6_RECVERR) control messages, the `ee_errno` is not translated, so host errnos are observed on guests. E.g., `ECONNREFUSED` is 111 on x86_64 host, but expected to be 146 in MIPS ABI. +Steps to reproduce: +1. https://cirrus-ci.com/task/5914289870471168 +Additional information: +The bugs are on [lines 1970 and 2014 here](https://github.com/qemu/qemu/blob/211364c21e7f757ae1acf4e72b5df39c498fb88b/linux-user/syscall.c#L1970-L2014). + +The fix is something like: + +``` +__put_user(host_to_target_errno(errh->ee.ee_errno), &target_errh->ee.ee_errno); +``` diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/817 b/results/classifier/deepseek-r1:32b/output/manual-review/817 new file mode 100644 index 000000000..bb98d5237 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/817 @@ -0,0 +1,4 @@ + + + +linux-user: waitid leaves target siginfo uninitialized when info.si_pid is zero diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/829 b/results/classifier/deepseek-r1:32b/output/manual-review/829 new file mode 100644 index 000000000..3314ee07b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/829 @@ -0,0 +1,17 @@ + + + +user space emulation: openat() seems to defeat sysroot path translation +Description of problem: +It appears that the user space emulation code is doing some path manipulation of some syscalls to sometimes prefix them with the sysroot. This seems to be interacting badly sometimes with certain usage patterns. This was noticed because a test suite of various libc calls was failing under `qemu-arm`, and a `strace` of the qemu-arm process revealed that the translated paths were being inconsistently applied. + +In particular, the sequence which fails is: +* create a file in `/tmp/`. +* open `/tmp` itself. This succeeds, but `strace` reveals that it actually opened `SYSROOT/tmp/`. +* `openat(tmpfd, tmpfile_name)` then fails, as the fd provided to openat is actually inside the sysroot, not at `/tmp` as expected. +Steps to reproduce: +1. Get toolchain https://toolchains.bootlin.com/downloads/releases/toolchains/armv7-eabihf/tarballs/armv7-eabihf--uclibc--bleeding-edge-2021.11-1.tar.bz2 +2. Compile attached test program [test_openat.c](/uploads/69eb997256ff29d2178be85531c6b3c6/test_openat.c) +3. Try to run under `qemu-arm`. + +This code passes in non-emulated situations, but fails under user-space emulation. Presumably it would also pass under full system emulation. diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/833 b/results/classifier/deepseek-r1:32b/output/manual-review/833 new file mode 100644 index 000000000..a3ce6e4f0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/833 @@ -0,0 +1,45 @@ + + + +linux-user: sendmsg fails to send messages without iov +Description of problem: +When run via qemu `sendmsg` fails to send messages which contain a zero length `iov` but _do_ contain ancillary data. This works fine on plain Linux. + +A practical example: the `ell` library relies on this for setting the IV on a kernel crypto (`AF_ALG`) socket: https://git.kernel.org/pub/scm/libs/ell/ell.git/tree/ell/cipher.c#n526 + +A message without data but only ancillary data is used to set the IV. +Steps to reproduce: +See [qemu_ancillary.c](/uploads/84ee20aa3b9178022847d6cd7fcf0048/qemu_ancillary.c) for a self contained testcase which sends two mesages (one with `msg_iovlen=0`, one with `msg_iovlen=1`). + +(Test case is to be considered GPL, as I've copied bits from `ell`) + +Native: +``` +$ strace -esendmsg ./a.out +sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=NULL, msg_iovlen=0, msg_control=[{cmsg_len=36, cmsg_level=SOL_ALG, cmsg_type=0x2}], msg_controllen=40, msg_flags=0}, 0) = 0 +sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", iov_len=16}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_ALG, cmsg_type=0x2}], msg_controllen=40, msg_flags=0}, 0) = 16 ++++ exited with 0 +++ +``` + + +Qemu (observe missing sendmsg call): +``` +$ strace -esendmsg ~/debug/qemu/build/qemu-x86_64 ./a.out +sendmsg(6, {msg_name=NULL, msg_namelen=0, msg_iov=[{iov_base="\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0", iov_len=16}], msg_iovlen=1, msg_control=[{cmsg_len=36, cmsg_level=SOL_ALG, cmsg_type=0x2}], msg_controllen=40, msg_flags=0}, 0) = 16 ++++ exited with 0 +++ +``` + +For a practical reproducer: + +1. Compile and run `ell`'s `test-cipher` test case: + +``` +$ ~/debug/qemu/build/qemu-x86_64 ./unit/test-cipher +TEST: unsupported +TEST: aes +TEST: aes_ctr +test-cipher: unit/test-cipher.c:102: test_aes_ctr: Assertion `!r' failed. +Aborted (core dumped) +``` + +A strace will look similar. diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/911 b/results/classifier/deepseek-r1:32b/output/manual-review/911 new file mode 100644 index 000000000..f54a96ae3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/911 @@ -0,0 +1,20 @@ + + + +Unable to strace execve calls in mipsel user mode +Description of problem: +Used 6.2.0 ZIP and git to build, configured with +``` +./configure --target-list=mipsel-linux-user --static --disable-system --enable-linux-user +``` + +When trying to strace a mipsel-arch application, I cannot see traces for the `execve` syscall. It looks like the call to `safe_execve` is not returning, so the strace printout is never completed. I'm assuming this has to do with `execve` syscall not returning on success, but older versions appeared to be able to do it. I tried it with QEMU 4.2.1 from the package manager on Ubuntu and I saw the `execve` syscall (see qemu-4.2.1.log). +Steps to reproduce: +1. Build mipsel app: ` mipsel-linux-gnu-gcc -o test.mipsel test.c` (Test code is attached as `test.c`) +2. Run qemu-mipsel: `./build/qemu-mipsel -L /usr/mipsel-linux-gnu/ -strace ../test.mipsel` +3. Note that even though the app uses both `system` and `popen` to create subprocesses, no `execve` syscall is shown in the strace output. +Additional information: +[qemu-6.2.90.log](/uploads/ca03e6f40b3b0ea79a042786a123760a/qemu-6.2.90.log) +[qemu-6.2.0.log](/uploads/ca15057398377d49b396e9e77a5cb639/qemu-6.2.0.log) +[qemu-4.2.1.log](/uploads/1087250dd9fc4d8d106d2cbc58c2b14a/qemu-4.2.1.log) +[test.c](/uploads/9d242a724b10b296cfd7a945ae4d6c4d/test.c) diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/957 b/results/classifier/deepseek-r1:32b/output/manual-review/957 new file mode 100644 index 000000000..e5e185f1c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/957 @@ -0,0 +1,74 @@ + + + +qemu-m68k: python runtime failures, "The futex facility returned an unexpected error code." +Description of problem: +The python interpreter (both Python 3.9 and Python 3.10) crashes during a rebuild of Python itself (fairly reproducible but not always at the same point of the build; using MAKEOPTS=-j1 or running under high system load decreases the probability, as does using the qemu -systrace switch). The output is +``` +The futex facility returned an unexpected error code. +``` + +Digging into glibc sources, this error together with an abort occurs when the return value of a futex call is not in a short list of allowed values, see ``nptl/futex-internal.c`` and ``sysdeps/nptl/futex-internal.h``. + +Running qemu with QEMU_STRACE=1 decreases the probability of the error greatly, but after some attempts I was able to get a log. Several threads seem to write at the same time, leading to rather garbled output, but my interpretation is an error value of "Invalid argument". + + +``` +116876 get_thread_area(0x00000001) = 989882672 +116876 116876 get_thread_area(0x00000001)get_thread_area(0x00000018) = 989882672 + = 1065219744 +116876 get_thread_area(0x00000000) = 1065219744 +116876 futex(0x3f5003fa,FUTEX_PRIVATE_FLAG|FUTEX_WAIT116876 ,2,116876 NULL,0x3fffda10,get_thread_area(0xffffffff) = 1065219744 +futex(0x3f5003fa,1073732112)FUTEX_PRIVATE_FLAG|FUTEX_WAIT = ,2,NULL,-1 errno=22 (Invalid argument)116876 get_thread_area(0x00000000) + = 1065219744 +0x3fffda10,116876 get_thread_area(0x00000000)1073732112 = )1065219744 +116876 futex(0x3f7d4c34,FUTEX_PRIVATE_FLAG|FUTEX_WAKE,1,NULL,NULL, = 0)-1 errno=22 (Invalid argument) + = 0 + = 116876 get_thread_area(0x3f7d4c34)1 = +116876 get_thread_area(0x00000000) = 1065219744 +926968112 +116876 get_thread_area(0x00000016) = 926968112 +116876 get_thread_area(0x00000000) = 1065219744 +116876 get_thread_area(0x00000000) = 1065219744 +116876 get_thread_area(0x00000001)116876 = futex(116876 0x3f5003fa,get_thread_area(0x00000000)FUTEX_PRIVATE_FLAG| = 926968112 +116876 get_thread_area(0x00000000) = 926968112FUTEX_WAKE +,1,116876 NULL,0x3fffda10,get_thread_area(0x00000000) = 926968112 +1065219744 +116876 get_thread_area(0x00000001)116876 = 1065219744 +1073732112) = 116876 -1 errno=22 (Invalid argument) +futex(0x3ba005fc,FUTEX_PRIVATE_FLAG|FUTEX_CLOCK_REALTIME|FUTEX_WAIT_BITSET,0,NULL,NULL,get_thread_area(0x00000000)0 = 926968112) +116876 get_thread_area(0x00000000) = 926968112 +116876 futex(0x3f7d4c38,FUTEX_PRIVATE_FLAG|FUTEX_WAKE,1,NULL,0x40007bf8,1073773560) = 0 +116876 futex(0x40053a8c,FUTEX_PRIVATE_FLAG|FUTEX_WAKE,1,NULL,NULL,0) = 1 + = 0 +116876 get_thread_area(0x40053a8c) = 885025072 +116876 get_thread_area(0x00000001) = 885025072 +116876 get_thread_area(0x00b4b456) = 885025072 +116876 get_thread_area(0x00000000) = 885025072 +116876 get_thread_area(0x00000000) = 885025072 +116876 Unknown syscall 403 +116876 get_thread_area(0x00000000) = 885025072 +116876 get_thread_area(0x00003baa) = 885025072 +116876 get_thread_area(0x00003b01) = 885025072 +116876 get_thread_area(0x00003b01) = 885025072 +116876 116876 futex(get_thread_area(0x00b4b456)0x3f7d4c30,FUTEX_PRIVATE_FLAG|FUTEX_WAIT_BITSET,0,0x34bfe62c,NULL,0) = 926968112 +116876 get_thread_area(0x00000018) = 926968112 +116876 get_thread_area(0x3ed5b9c8) = 926968112 +116876 get_thread_area(0x00000000) = 926968112 +116876 get_thread_area(0x00000000) = 926968112 +116876 get_thread_area(0x00000000) = 926968112 +116876 get_thread_area(0x00000000) = 926968112 +116876 get_thread_area(0x00000000) = 926968112 +116876 futex(0x3f7d4c30,FUTEX_PRIVATE_FLAG|FUTEX_WAKE,1,NULL,NULL,0) = 1 +116876 get_thread_area(0x00000000) = 926968112 +116876 get_thread_area(0x00000001) = 926968112 +116876 get_thread_area(0x0000000f) = 926968112116876 = 0 + +116876 get_thread_area(0x00000001) = 926968112 +116876 get_thread_area(0x00000001) = 926968112 +116876 get_thread_area(0x00000001)writev(2,0x3affed88,0x1) = 926968112 +The futex facility returned an unexpected error code. +116876 get_thread_area(0x3f7d4c30) = 885025072 +``` + +Advice on how to do further debuggging is appreciated. diff --git a/results/classifier/deepseek-r1:32b/output/manual-review/982 b/results/classifier/deepseek-r1:32b/output/manual-review/982 new file mode 100644 index 000000000..7302cb49d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/manual-review/982 @@ -0,0 +1,40 @@ + + + +linux-user: --strace incorrectly decodes writev arguments for 64-bit binaries on 32-bit machine +Description of problem: +With `--strace`, the arguments to `writev` appear to be decoded incorrectly. +The syscall still succeeds and has the expected effects. +Steps to reproduce: +``` +$ cat main.c +#include <sys/uio.h> + +int main(void) { + struct iovec iov; + iov.iov_base = "hello, world!\n"; + iov.iov_len = 14; + return writev(1, &iov, 1); +} + +$ aarch64-unknown-linux-gnu-gcc -static -o aarch64-main main.c + +$ x86_64-pc-linux-gnu-gcc -static -o x86_64-main main.c + +$ i686-pc-linux-gnu-gcc -static -o i686-main main.c + +$ ./i686-main +hello, world! + +$ strace ./i686-main |& grep writev +writev(1, [{iov_base="hello, world!\n", iov_len=14}], 1hello, world! + +$ qemu-i386 --strace ./i686-main |& grep writev +21953 writev(1,0x407ffe54,0x1) = 14 + +$ qemu-x86_64 --strace ./x86_64-main |& grep writev +22218 writev(1,(nil),0x407ffcc0) = 14 + +$ qemu-aarch64 --strace ./aarch64-main |& grep writev +22523 writev(1,(nil),0x407ffcc8) = 14 +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1010 b/results/classifier/deepseek-r1:32b/output/runtime/1010 new file mode 100644 index 000000000..125ff29d5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1010 @@ -0,0 +1,81 @@ + + + +Errors on 9p mounts +Description of problem: +I'm trying to run Docker VMs with [Lima](https://github.com/lima-vm/lima), which uses QEMU. I'm trying to expose my home directory on macOS to the Ubuntu VM using `9p`. This is how the mount point looks like inside the Ubuntu VM: + +``` +root@lima-docker:~# mount | grep Users +mount0 on /Users/carlos type 9p (rw,relatime,dirsync,fscache,cachetag=4294894070,access=user,trans=virtio,version=9p2000.u) +root@lima-docker:~# +``` + +The problem I'm seeing is that doing an `ls -l /Users/carlos` gives a "Timer expired" error, and no output: + +``` +root@lima-docker:~# ls -l /Users/carlos +ls: reading directory '/Users/carlos': Timer expired +total 0 +``` + +Under `strace`, it seems that the timer error is raised by the `getdents64` system call: + +``` +root@lima-docker:~# strace -f ls -l /Users/carlos +[..] +openat(AT_FDCWD, "/Users/carlos", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3 +newfstatat(3, "", {st_mode=S_IFDIR|0755, st_size=1984, ...}, AT_EMPTY_PATH) = 0 +mmap(NULL, 135168, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xffffa16bf000 +getdents64(3, 0xffffa16bf040, 131072) = -1 ETIME (Timer expired) +[..] +``` + +I've also tried the `9p2000.L` protocol instead, and the results are a bit better. I do get a directory listing, but I see "xxx" errors: + +``` +root@lima-docker:~# ls -l /Users/carlos +ls: /Users/carlos: Network dropped connection on reset +ls: /Users/carlos/Music: Network dropped connection on reset +ls: /Users/carlos/Pictures: Network dropped connection on reset +ls: /Users/carlos/Desktop: Network dropped connection on reset +ls: /Users/carlos/Library: Network dropped connection on reset +ls: /Users/carlos/Public: Network dropped connection on reset +ls: /Users/carlos/Movies: Network dropped connection on reset +ls: /Users/carlos/Applications: Network dropped connection on reset +ls: /Users/carlos/Dropbox: Network dropped connection on reset +ls: /Users/carlos/Maildir: Network dropped connection on reset +ls: /Users/carlos/Documents: Network dropped connection on reset +ls: /Users/carlos/Downloads: Network dropped connection on reset +total 0 +drwx------ 5 carlos dialout 160 Dec 6 10:31 Applications +drwx------ 4 carlos dialout 128 Apr 28 14:40 Desktop +drwx------ 12 carlos dialout 384 Apr 30 08:44 Documents +drwx------ 164 carlos dialout 5248 Apr 29 13:50 Downloads +drwx------ 8 carlos dialout 256 Sep 4 2021 Dropbox +drwx------ 82 carlos dialout 2624 Apr 8 14:05 Library +drwxr-xr-x 3 carlos dialout 96 Nov 12 12:28 Maildir +drwx------ 4 carlos dialout 128 Jul 19 2021 Movies +drwx------ 4 carlos dialout 128 Aug 19 2021 Music +drwx------ 4 carlos dialout 128 Jul 19 2021 Pictures +drwxr-xr-x 4 carlos dialout 128 Jul 19 2021 Public +``` + +The errors in this case seem to come from the `lgetxattr`system call: + +``` +root@lima-docker:~# strace -f ls -l /Users/carlos +[..] +statx(AT_FDCWD, "/Users/carlos/Downloads", AT_STATX_SYNC_AS_STAT|AT_SYMLINK_NOFOLLOW, STATX_MODE|STATX_NLINK|STATX_UID|STATX_GID|STATX_MTIME|STATX_SIZE, {stx_mask=STATX_BASIC_STATS|STATX_MNT_ID, stx_attributes=0, stx_mode=S_IFDIR|0700, stx_size=5248, ...}) = 0 +lgetxattr("/Users/carlos/Downloads", "security.selinux", 0xaaaaec72da70, 255) = -1 ENETRESET (Network dropped connection on reset) +write(2, "ls: ", 4ls: ) = 4 +write(2, "/Users/carlos/Downloads", 23/Users/carlos/Downloads) = 23 +write(2, ": Network dropped connection on "..., 37: Network dropped connection on reset) = 37 +[..] +``` + +I've reported this to the Lima folks at https://github.com/lima-vm/lima/issues/831, and they suggested opening an issue here. Any ideas? +Steps to reproduce: +1. If you have Lima installed (I'm using version 0.10.0): `limactl start --name=docker ./lima-templates/docker.yaml` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1010484 b/results/classifier/deepseek-r1:32b/output/runtime/1010484 new file mode 100644 index 000000000..d0df25318 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1010484 @@ -0,0 +1,9 @@ + + + +slirp to accept non-local dns server + +current version of slirp doesn't allow feeded dns address to be outside of given network. +in many scenarios you need to provide dns server that isn't local. + +this simple patch removes checking for if dns server isn't in local subnet. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1027 b/results/classifier/deepseek-r1:32b/output/runtime/1027 new file mode 100644 index 000000000..cad3d64f5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1027 @@ -0,0 +1,18 @@ + + + +Executables should have embedded plist on macOS +Description of problem: +QEMU binaries on macOS should have an embedded property list (`plist`). + +The bundle identifier of an application, as well as many other settings, are usually not set programmatically but through an `Info.plist` file found within the application bundle (`.app`) which is a property list (basically a settings file in XML format). + +When liking a command line binary, you can tell the linker to embed such a property list inside the binary and the system will respect that when loading the binary. Having an embedded `Info.plist` is highly recommended for all macOS applications, even command line tools, as many system features will not work correctly (or are not even possible) unless they have one (not in all places the binary name will work instead of a bundle identifier). + +All you need to do is writing a [plist file by hand](https://docs.transifex.com/formats/apple-plist) (for a list of available keys, see [Apple's documentation](https://developer.apple.com/library/archive/documentation/General/Reference/InfoPlistKeyReference/Introduction/Introduction.html)) and then tell the liker to embed it into the binary: + +``` +-sectcreate __TEXT __info_plist YourPlistFile.plist +``` + +This makes it far easier to set app specific settings correctly, as in #334 for example. Also things like sudden termination can be disabled completely that way without a single line of code. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1031920 b/results/classifier/deepseek-r1:32b/output/runtime/1031920 new file mode 100644 index 000000000..18445cd5f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1031920 @@ -0,0 +1,40 @@ + + + +Linux user gdbserver does not respond to remote `Ctrl-C' interrupts + +The bug was reproduce in a recent mainline build for ARM Linux by starting emulation with a gdbserver: + +$ qemu-arm -g 1234 a.out + +and then connecting from gdb: + +(gdb) target remote :1234 +Remote debugging using :1234 +[New Remote target] +[Switching to Remote target] +0x00008ba8 in _start () +(gdb) b main +Breakpoint 1 at 0x8cb0: file hello.c, line 5. +(gdb) cont +Continuing. + +Breakpoint 1, main (argc=1, argv=0xf6fff24c) at hello.c:5 +5 int n = 0; +(gdb) l +1 #include <stdio.h> +2 +3 int main (int argc, char **argv) +4 { +5 int n = 0; +6 +7 for (;;) { +8 printf ("Hello, World!\n"); +9 sleep (5); +10 } +(gdb) cont +Continuing. +^C^CInterrupted while waiting for the program. +Give up (and stop debugging it)? (y or n) y + +Notice that the `Ctrl-C' interrupts are ignored. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1034 b/results/classifier/deepseek-r1:32b/output/runtime/1034 new file mode 100644 index 000000000..151e0ef81 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1034 @@ -0,0 +1,20 @@ + + + +Erlang/OTP 25 JIT on AArch64 fails in user mode emulation +Description of problem: +Compiling Erlang/OTP 25 fails with segfault when using user mode (but works in system mode), the Erlang devs have tracked it down in [ErlangForums](https://erlangforums.com/t/otp-25-0-rc3-release-candidate-3-is-released/1317/24) and give this explanation: + +> Thanks, I’ve found a bug in QEMU that explains this. The gist of it is: +> +> Instead of interpreting guest code, QEMU dynamically translates it to the host architecture. When the guest overwrites code for one reason or another, the translation is invalidated and redone if needed. +> +> Our JIT:ed code is mapped in two regions to work in the face of W^X restrictions: one executable but not writable, and one writable but not executable. Both of these regions point to the same physical memory and writes to the writable region are “magically” reflected in the executable one. +> +> I would’ve expected QEMU to honor the IC IVAU / ISB instructions we use to tell the processor that we’ve altered code at a particular address, but for some reason QEMU just ignores them 3 and relies entirely on trapping writes to previously translated code. +> +> In system mode QEMU emulates the MMU and sees that these two regions point at the same memory, and has no problem invalidating the executable region after writing to the writable region. +> +> In user mode it instead calls mprotect(..., PROT_READ) on all code regions it has translated, and invalidates translations in the signal handler. The problem is that we never write to the executable region – just the writable one – so the code doesn’t get invalidated. + +There doesn't seem to a open or closed QEMU bug that actually describes this problem. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1041 b/results/classifier/deepseek-r1:32b/output/runtime/1041 new file mode 100644 index 000000000..e12e90d4e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1041 @@ -0,0 +1,34 @@ + + + +x86_64 Auxillary vector reports platform as i686 which doesn't match the linux kernel +Description of problem: +Based on the kernel source in the auxiliary vector AT_PLATFORM should be `x86_64` (confirmed by running outside qemu). However qemu sets it to `i686`. + +This was originally reported with docker-for-mac, but was reduced on `x86_64` which is why it is pointless +Steps to reproduce: +1. Compile the following for x86_64 (statically if you don't want have an x86_64 dynamic linker) (code originally from https://stackoverflow.com/questions/26520163/accessing-auxiliary-vectors-c) + +``` +#include <stdio.h> +#include <elf.h> + +int main(int argc, char** argv, char* envp[]) { + Elf64_auxv_t *auxv; + while(*envp++ != NULL); + + /*from stack diagram above: *envp = NULL marks end of envp*/ + int i = 0 ; + for (auxv = (Elf64_auxv_t *)envp; auxv->a_type != AT_NULL; auxv++) + /* auxv->a_type = AT_NULL marks the end of auxv */ + { + if( auxv->a_type == AT_PLATFORM) + printf("AT_PLATFORM is: %s\n", ((char*)auxv->a_un.a_val)); + } +} +``` +2. Run with `qemu-x86_64-static` +3. See `AT_PLATFORM is: i686` +4. Compare to "real" x86_64 bit system which gives `AT_PLATFORM is: x86_64` +Additional information: +I think that adding `#define ELF_PLATFORM "x86_64"` [here](https://gitlab.com/qemu-project/qemu/-/blob/master/linux-user/elfload.c#L134) should work (but I don't fully understand the code). Otherwise we just end up getting the 32-bit case. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1044 b/results/classifier/deepseek-r1:32b/output/runtime/1044 new file mode 100644 index 000000000..683946032 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1044 @@ -0,0 +1,4 @@ + + + +Warning: libevent-loop-base.a the table of contents is empty diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1052857 b/results/classifier/deepseek-r1:32b/output/runtime/1052857 new file mode 100644 index 000000000..6cf3a4398 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1052857 @@ -0,0 +1,18 @@ + + + +qemu-user compiled static for ppc fails on 64bit hosts + +On debian I used debootstrap to set up a powerpc chroot. If I then copy in a statically linked qemu-user ppc binary it will work for some commands in the chroot and fail for others. Steps to reproduce: + +host$ mkdir powerpc +host$ sudo debootstrap --arch=powerpc --foreign wheezy powerpc http://ftp.debian.org/debian +host$ sudo cp /usr/bin/qemu-ppc-static powerpc/usr/bin/ +host$ LANG=C sudo chroot powerpc /usr/bin/qemu-ppc-static /bin/bash +I have no name!@guest:/# pwd +/ +I have no name!@guest:/# cd home/ +I have no name!@guest:/home# ls +qemu-ppc-static: /tmp/buildd/qemu-1.1.2+dfsg/linux-user/signal.c:4341: setup_frame: Assertion `({ unsigned long __guest = (unsigned long)(ka->_sa_handler) - guest_base; (__guest < (1ul << 32)) && (!reserved_va || (__guest < reserved_va)); })' failed. + +I have also built this from the git HEAD sources (hash 6b80f7db8a7f84d21e46d01e30c8497733bb23a0) and I get the same result. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1059 b/results/classifier/deepseek-r1:32b/output/runtime/1059 new file mode 100644 index 000000000..e8a073781 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1059 @@ -0,0 +1,13 @@ + + + +qemu: uncaught target signal 6 (Aborted) - core dumped Issue +Description of problem: +When we are trying to use the docker images which is using Qemu internally in mac Os then we are getting the qemu: uncaught target signal 6 (Aborted) - core dumped Issue +Steps to reproduce: +1. https://botfront.io/docs/installation/local-machine install in local machine +2. run bot front run +3. Go to the docker dashboard and open the botfront-rasa. +4.  +Additional information: +Looking forward to get some updates regarding how we can solve this or any hack we can apply here. Thanks in advance. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1068900 b/results/classifier/deepseek-r1:32b/output/runtime/1068900 new file mode 100644 index 000000000..8c4f04574 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1068900 @@ -0,0 +1,8 @@ + + + +Thread cancellation broken in app-level emulation + +Thread cancellation (and certain other implementation-internal things such as set*id() and timers) are implemented in userspace on Linux by stealing a couple of the realtime signals for internal use by the implementation, leaving them unavailable to applications. Unfortunately, this bites qemu application-level emulation when the application being run uses thread cancellation or other features that need such signals. The signal handler is unable to be set (because sigaction on the host rejects the signal numbers) and attempts to send the signals result in it being received not by the emulated application code, but by the libc/libpthread code on which qemu is running; this in turn seems to cause qemu to crash. + +The best solution I can think of is for qemu to steal one of the realtime signals for its own use, and multiplex signal numbers outside the range SIGRTMIN..SIGRTMAX, as well as the stolen signal itself, on top of this stolen signal. This would both allow cancellation to work, and would allow applications the full range of realtime signals when the guest has more signals than the host (e.g. MIPS running on x86 host). \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1070 b/results/classifier/deepseek-r1:32b/output/runtime/1070 new file mode 100644 index 000000000..7f24dfa9e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1070 @@ -0,0 +1,13 @@ + + + +gdbstub XML generation for ARM is done for every CPU +Description of problem: +- As arm_cpu_register_gdb_regs_for_features is called from the device + realize stage for each vCPU in user mode we end up uselessly + regenerating the XML for every new thread. Once you get up to 100 + threads this starts exceeding the large maps done for QHT and PageDesc +Steps to reproduce: +See above command line, valgrind picks it up +Additional information: +See also #866, #967 diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1072 b/results/classifier/deepseek-r1:32b/output/runtime/1072 new file mode 100644 index 000000000..be8fef072 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1072 @@ -0,0 +1,27 @@ + + + +different behavior when remote debugger is used +Description of problem: +I found Qemu shows different behavior when I run Qemu with hello-world (statically linked binary enclosed) directly or run it through remote debugger. I need help to understand the following: + +1. Is this intended behavior? +1. Any way to make the two approaches have consistent behavior (I prefer the behavior shown in the 2nd approach described below) +1. If it is intended behavior, any explanation why or suggestions how to dig further to root cause the difference. + +The corresponding source code is the line 86 in [filedoalloc.c](https://code.woboq.org/userspace/glibc/libio/filedoalloc.c.html#86). It tests if the file (stdout) is char special device (S_ISCHR) +The preprocessed code is as follows: + if (((((st.st_mode)) & 0170000) == (0020000))) + +I then compared two different approaches to run Qemu: + +1. I used the following command line to collect the trace: qemu_aarch64 -strace -plugin $QEMU_ROOT/build/contrib/plugins/libexeclog.so -d plugin hello.a64. This one tests False for S_ISCHR +1. when I used gdb to connect to Qemu and single-step the instructions, S_ISCHR tests True, which is different from running qemu directly (approach 1). + +Thanks! +Steps to reproduce: +1.[hello.a64](/uploads/4b4ccae8c1e4b045c39ceae6a094d55a/hello.a64) +2. +3. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1075 b/results/classifier/deepseek-r1:32b/output/runtime/1075 new file mode 100644 index 000000000..1c45079ab --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1075 @@ -0,0 +1,19 @@ + + + +Unable to create a cluster using ppc64le specific kind binary on x86 host architecture +Description of problem: + +Steps to reproduce: +1. docker run --rm --privileged multiarch/qemu-user-static --reset -p yes +2. wget https://github.com/kubernetes-sigs/kind/releases/download/v0.14.0/kind-linux-ppc64le +3. chmod u+x kind-linux-ppc64le +4. curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/ppc64le/kubectl +5. chmod +x kubectl +6. sudo cp kubectl /usr/local/bin/ +7. KUBECONFIG="${HOME}/kind-test-config" +8. export KUBECONFIG +9. ./kind-linux-ppc64le create cluster --image quay.io/mayurwaghmode111/node-ppc64le:ppc64le -v=3 --wait 1m --retain +10. ./kind-linux-ppc64le export logs +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1093 b/results/classifier/deepseek-r1:32b/output/runtime/1093 new file mode 100644 index 000000000..a8de95a84 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1093 @@ -0,0 +1,36 @@ + + + +RISC-V: signal frame is misaligned in signal handlers +Description of problem: +`qemu-user` misaligns the signal frame (to 4 bytes rather than 16 bytes) on RISC-V 64, e.g causing pointer misalignment diagnostics to be triggered by UBSan. +Steps to reproduce: +1. Create a C file with the following contents: +```c +#include <signal.h> +#include <stdio.h> + +void handler(int sig, siginfo_t *info, void *context) { + printf("signal occurred, info: %p, context: %p\n", info, context); +} + +int main() { + struct sigaction act; + act.sa_flags = SA_SIGINFO; + act.sa_sigaction = handler; + sigaction(SIGINT, &act, NULL); + + // Deliberately misalign the stack + asm volatile ("addi sp, sp, -4"); + + while(1); + // Unreachable +} +``` +2. Compile with an appropriate RISC-V toolchain and run with `qemu-riscv64 ./a.out`. +3. Send a `SIGINT` (e.g by hitting Ctrl-C), and observe that the signal frame will be misaligned: +``` +signal occurred, info: 0x400080025c, context: 0x40008002dc +``` +Additional information: +This issue is alluded to in the source code, see https://gitlab.com/qemu-project/qemu/-/blob/master/linux-user/riscv/signal.c#L68-69. It should be sufficient to change that constant to 15. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1095531 b/results/classifier/deepseek-r1:32b/output/runtime/1095531 new file mode 100644 index 000000000..0de5aed7b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1095531 @@ -0,0 +1,60 @@ + + + +sparc32plus (and others?) has x86 code generation errors on 64bit hosts + +On 64bit hosts, the load and store functions compile improperly. The issue is the call to gen_address_mask() under the ld and st functions in target-sparc/translate.c. Below are some snips from the log file. Doing a gdb debug, this results in constant access violation errors which I do not see when debugging qemu in powerpc mode. + +-------------- +IN: +0x0000000040804aa8: st %i0, [ %fp + 0x44 ] + +OP: + ---- 0x40804aa8 + ld_i64 tmp1,regwptr,$0xb0 + mov_i64 tmp0,tmp1 + movi_i64 tmp2,$0x44 + add_i64 tmp0,tmp0,tmp2 + ld_i64 tmp2,regwptr,$0x80 + ext32u_i64 tmp0,tmp0 + qemu_st32 tmp2,tmp0,$0x0 + +OUT: [size=345] +0x6032d7f0: mov 0x40(%r14),%rbp +0x6032d7f4: mov 0xb0(%rbp),%rbx +0x6032d7fb: add $0x44,%rbx +0x6032d7ff: mov 0x80(%rbp),%rbp +0x6032d806: mov %ebx,%ebx <- bug +0x6032d808: mov %ebp,%edi +0x6032d80a: bswap %edi +0x6032d80c: mov %edi,(%rbx) + +-------------- +IN: +0x0000000040804aec: add %l7, %o7, %l7 +0x0000000040804af0: ld [ %l7 ], %g2 + +OP: + ---- 0x40804aec + ld_i64 tmp1,regwptr,$0x78 + ld_i64 tmp2,regwptr,$0x38 + add_i64 tmp0,tmp1,tmp2 + st_i64 tmp0,regwptr,$0x78 + + ---- 0x40804af0 + ld_i64 tmp1,regwptr,$0x78 + mov_i64 tmp0,tmp1 + ext32u_i64 tmp0,tmp0 + qemu_ld32u g2,tmp0,$0x0 + +OUT: [size=395] +0x6032da80: mov 0x40(%r14),%rbp +0x6032da84: mov 0x78(%rbp),%rbx +0x6032da88: mov 0x38(%rbp),%r12 +0x6032da8c: add %r12,%rbx +0x6032da8f: mov %rbx,0x78(%rbp) +0x6032da93: mov 0x78(%rbp),%rbx +0x6032da97: mov %ebx,%ebx <- bug +0x6032da99: mov (%rbx),%ebx + +In 64bit mode, doing a 32bit operation will result in the top 32bit's being zero'd. I attempted to simply disable the call to gen_address_mask() but that did not fix the issue and actually caused the sparc32plus I was testing to become unusable. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1098729 b/results/classifier/deepseek-r1:32b/output/runtime/1098729 new file mode 100644 index 000000000..4bae42db1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1098729 @@ -0,0 +1,46 @@ + + + +qemu-user-static for armhf: segfault in threaded code + + +Currently running QEMU from git (fedf2de31023) and running the armhf version of qemu-user-static which I have renamed qemu-armhf-static to follow the naming convention used in Debian. + +The host systems is a Debian testing x86_64-linux and I have an Debian testing armhf chroot which I invoke using schroot. + +Majority of program in the armhf chroot run fine, but I'm getting qemu segfaults in multi-threaded programs. + +As an example, I've grabbed the threads demo program here: + + https://computing.llnl.gov/tutorials/pthreads/samples/dotprod_mutex.c + +and changed NUMTHRDS from 4 to 10. I compile it as (same compile command on both x86_64 host and armhf guest): + + gcc -Wall -lpthread dotprod_mutex.c -o dotprod_mutex + +When compiled for x86_64 host it runs perfectly and even under Valgrind displays no errors whatsoever. + +However, when I compile the program in my armhs chroot and run it it usually (but not always) segaults or hangs or crashes. Example output: + + + (armhf) $ ./dotprod_mutex + Thread 1 did 100000 to 200000: mysum=100000.000000 global sum=100000.000000 + Thread 0 did 0 to 100000: mysum=100000.000000 global sum=200000.000000 + TCG temporary leak before f6731ca0 + qemu-arm-static: /home/erikd/Git/qemu-posix-timer-hacking/Upstream/tcg/tcg-op.h:2371: + tcg_gen_goto_tb: Assertion `(tcg_ctx.goto_tb_issue_mask & (1 << idx)) == 0' failed. + + + (armhf) $ ./dotprod_mutex + qemu: uncaught target signal 11 (Segmentation fault) - core dumped + Segmentation fault + + (armhf) $ ./dotprod_mutex + qemu-arm-static: /home/erikd/Git/qemu-posix-timer-hacking/Upstream/tcg/tcg.c:519: + tcg_temp_free_internal: Assertion `idx >= s->nb_globals && idx < s->nb_temps' failed. + + + (armhf) $ ./dotprod_mutex + Thread 1 did 100000 to 200000: mysum=100000.000000 global sum=100000.000000 + qemu: uncaught target signal 11 (Segmentation fault) - core dumped + Segmentation fault \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1102 b/results/classifier/deepseek-r1:32b/output/runtime/1102 new file mode 100644 index 000000000..7399874bc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1102 @@ -0,0 +1,41 @@ + + + +qemu-user: zero_bss might raise segfault when segment is not writable +Description of problem: +When a PT_LOAD segment with the following attributes presented in the user program, +* MemSiz > FileSiz +* NOT Writable + +qemu-aarch64 will crash with segment fault running it. + + + + +in [linux-user/elfload.c: bss_zero](https://gitlab.com/qemu-project/qemu/-/blob/master/linux-user/elfload.c#L2097), the exceeded part is zero'ed without checking if it is writable +``` + if (host_start < host_map_start) { + memset((void *)host_start, 0, host_map_start - host_start); + } +``` +Steps to reproduce: +1. ./qemu-aarch64 ./X.so +Additional information: +readelf output of X.so +``` +Program Headers: + Type Offset VirtAddr PhysAddr FileSiz MemSiz Flags Align + PHDR 0x0000000000000040 0x0000000000000040 0x0000000000000040 0x0000000000000230 0x0000000000000230 R E 0x8 + LOAD 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000110270 0x00000000001c94e0 R E 0x10000 + LOAD 0x0000000000129bd0 0x00000000001d9bd0 0x00000000001d9bd0 0x0000000000000438 0x00000000000004c0 RW 0x10000 + LOAD 0x000000000013a008 0x00000000001ea008 0x00000000001ea008 0x0000000000017bd0 0x0000000000017bd0 RW 0x10000 + LOAD 0x0000000000161bd8 0x0000000000211bd8 0x0000000000211bd8 0x000000000000f740 0x000000000000f740 RW 0x10000 + DYNAMIC 0x0000000000161e60 0x0000000000211e60 0x0000000000211e60 0x00000000000001e0 0x00000000000001e0 RW 0x8 + INTERP 0x0000000000089410 0x0000000000089410 0x0000000000089410 0x0000000000000015 0x0000000000000015 R 0x1 + [Requesting program interpreter: /system/bin/linker64] + NOTE 0x000000000013dbc8 0x00000000001edbc8 0x00000000001edbc8 0x0000000000000011 0x0000000000000011 R 0x1 + GNU_EH_FRAME 0x00000000001c86a4 0x00000000001c86a4 0x00000000001c86a4 0x00000000000002dc 0x00000000000002dc R 0x4 + GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 0x0000000000000000 RW 0x10 +``` + +X.so: https://drive.google.com/file/d/1A7mkWRcK2BKkpeevt8T6FVLg-t6mWdgi/view?usp=sharing diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1128 b/results/classifier/deepseek-r1:32b/output/runtime/1128 new file mode 100644 index 000000000..902f0bafe --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1128 @@ -0,0 +1,27 @@ + + + +PPC: `spr_write_xer` doesn't set flag bits in `cpu_xer` +Description of problem: +`spr_write_xer()` does not set the `ca`, `ov`, `so`, `ca32`, `ov32` etc. flag bits in the `cpu_xer` variable. + +In fact it copies all bits from the source `GPR` and _excludes_ each flag bit. + +This is not a problem for execution since `spr_read_xer()` gets the flag bits from `cpu_ca/ov/so...` and not from `cpu_xer`. + +Nonetheless it is problem for tools which trace the execution in QEMU (e.g. https://github.com/BinaryAnalysisPlatform/qemu). + +A fix would be to remove the `~` in https://gitlab.com/qemu-project/qemu/-/blob/master/target/ppc/translate.c#L481 +Steps to reproduce: +Haven't found out yet how to debug QEMU so the TCGv values can be investigated. But in general one need to: + +- Execute a binary which executes something like: +``` +r4 = 0xffffffffffffffff +mtxer r4 +``` +and check the `cpu_xer` value after the `xer` write. + +Checking the debug logs (`in_asm,cpu`) doesn't work, since the `xer` value in the logs is not taken directly from `cpu_xer`. +Additional information: +Code ref: https://gitlab.com/qemu-project/qemu/-/blob/master/target/ppc/translate.c#L480-L483 diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1143 b/results/classifier/deepseek-r1:32b/output/runtime/1143 new file mode 100644 index 000000000..12f8fe91e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1143 @@ -0,0 +1,81 @@ + + + +Breakpoints missed when a function is split into two memory pages. +Description of problem: +Qemu seems to ignore some breakpoints when the start of a function is +in another page than where the breakpoint is set. + +In my case, I've a function `__gnat_debug_raise_exception` which starts at `0x10bff2` and I've set with gdb a breakpoint at `0x10c00e` (in another page). +While running with `qemu -d in_asm,exec`, I can see that the whole function is executed at once and that no breakpoint is fired. + +``` +(gdb) b *0x00108fbc +(gdb) b *0x0010c00e +(gdb) target remote :1234 +(gdb) c + +Trace 0: 0x7f277c0174c0 [0000000000000000/0000000000108fb9/0040c0b0/ff000201] ada__exceptions__complete_occurrence +---------------- + +// gdb hits first breakpoint here. +Breakpoint 3, 0x0000000000108fbc .... +(gdb) ni + +IN: ada__exceptions__complete_occurrence +0x00108fbc: e8 31 30 00 00 callq 0x10bff2 + +Trace 0: 0x7f277c000100 [0000000000000000/0000000000108fbc/0040c0b0/ff000e01] ada__exceptions__complete_occurrence +---------------- +IN: __gnat_debug_raise_exception +0x0010bff2: 55 pushq %rbp +0x0010bff3: 48 89 e5 movq %rsp, %rbp +0x0010bff6: 48 89 7d f8 movq %rdi, -8(%rbp) +0x0010bffa: 48 89 d1 movq %rdx, %rcx +0x0010bffd: 48 89 f0 movq %rsi, %rax +0x0010c000: 48 89 fa movq %rdi, %rdx +0x0010c003: 48 89 ca movq %rcx, %rdx +0x0010c006: 48 89 45 e0 movq %rax, -0x20(%rbp) +0x0010c00a: 48 89 55 e8 movq %rdx, -0x18(%rbp) +0x0010c00e: 48 8b 45 e0 movq -0x20(%rbp), %rax +0x0010c012: 90 nop +0x0010c013: 5d popq %rbp +0x0010c014: c3 retq + +Trace 0: 0x7f277c000100 [0000000000000000/000000000010bff2/0040c0b0/ff000000] __gnat_debug_raise_exception +Digging a bit more, it seems that it seems related to + +// gdb ni stop here. Breakpoints at 0x10c00e have been ignored. +``` + +Note that if I'm setting another breakpoint at `0x0010bffd` (thus not at the start of the function but still in the same page), the execution +will be executed step by step and the breakpoint at 0x10c00e will be triggered normally. + + +``` +IN: ada__exceptions__complete_occurrence +0x00108fbc: e8 31 30 00 00 callq 0x10bff2 + +Trace 0: 0x7f6af4000100 [0000000000000000/0000000000108fbc/0040c0b0/ff000e01] ada__exceptions__complete_occurrence +---------------- +IN: __gnat_debug_raise_exception +0x0010bff2: 55 pushq %rbp + +Trace 0: 0x7f6af4000100 [0000000000000000/000000000010bff2/0040c0b0/ff000201] __gnat_debug_raise_exception +---------------- +IN: __gnat_debug_raise_exception +0x0010bff3: 48 89 e5 movq %rsp, %rbp + +Trace 0: 0x7f6af4000280 [0000000000000000/000000000010bff3/0040c0b0/ff000201] __gnat_debug_raise_exception +---------------- +IN: __gnat_debug_raise_exception +0x0010bff6: 48 89 7d f8 movq %rdi, -8(%rbp) +... +``` + +I've dug a bit into qemu translator code and I guess `check_for_breakpoint` should check that the whole function is in the same page before skipping step by step. But I'm not sure if it's possible because the TB is created after `check_for_breakpoint` IIUC. + +Sadly as of now, I don't have a C reproducer. I can try to provide you my "foo" program which is an Ada program. But maybe if you've a better idea how to reproduce that or an idea of to fix that, I'll be glad to help you. + +Thanks, +Clément diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1147 b/results/classifier/deepseek-r1:32b/output/runtime/1147 new file mode 100644 index 000000000..b4e7fe14b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1147 @@ -0,0 +1,12 @@ + + + +x86_64 emu on aarch64 host: cpu_exec: assertion failed: (cpu == current_cpu) +Description of problem: +Execution of some binaries crashes with `Bail out! ERROR:../qemu-7.0.0/accel/tcg/cpu-exec.c:933:cpu_exec: assertion failed: (cpu == current_cpu)`. Looking at the code, that code is wrapped in a gcc/clang ifdef. Recompiling with clang produces this crash instead: `... include/qemu/rcu.h:102: void rcu_read_unlock(void): Assertion 'p_rcu_reader->depth != 0' failed.` + +No easier steps to reproduce (yet) than `systemd-nspawn`ing into an x86_64 Ubuntu container invoking qemu-x86_64-static through binfmt. Commands such as `ls` work fine, while `apt-get` will immediately crash with the error listed above. + +Note that this happens running Asahi Linux on the bare metal of an M1-based Macbook Pro. This same issue does *not* occur running the *same* binaries with the *same* x86_64 Ubuntu image on an Arch or Ubuntu VM under macOS on the same machine - regardless of if the QEMU binaries were built in a VM or in Asahi. + +These are big.LITTLE chips. Using taskset/affinity to limit the target process to a single specific core does not help. The Asahi kernel has a 16K page-size, which is known to cause trouble for some programs. qemu-arm(-static) however works without any issues (the M1 cannot run 32-bit ARM code natively, only 64-bit). diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1165383 b/results/classifier/deepseek-r1:32b/output/runtime/1165383 new file mode 100644 index 000000000..8571e394e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1165383 @@ -0,0 +1,6 @@ + + + +executable qemu-1.4.0/i386-linux-user/./qemu-i386 gives a segmentation fault + +executable qemu-1.4.0/i386-linux-user/./qemu-i386 gives a segmentation fault \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1172613 b/results/classifier/deepseek-r1:32b/output/runtime/1172613 new file mode 100644 index 000000000..fb4026413 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1172613 @@ -0,0 +1,66 @@ + + + +[qemu 1.4.1] inconsistent behavior on different architecture + +Running with qemu 1.4.1 and eglibc 2.17 on Debian Linux 7.0 for amd64 + +---------------- armhf ---------------- +$ arm-linux-gnueabihf-gcc hello.c +$ qemu-arm ./a.out +/lib/ld-linux-armhf.so.3: No such file or directory + +$ qemu-arm arm-linux-gnueabihf/lib/ld-2.17.so ./a.out +./a.out: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory + +$ qemu-arm arm-linux-gnueabihf/lib/ld-2.17.so --library-path arm-linux-gnueabihf/lib ./a.out +Hello, world ! + +---------------- powerpc64 ---------------- +$ powerpc64-linux-gcc hello.c + +$ qemu-ppc64 ./a.out +/lib64/ld64.so.1: No such file or directory + +[BAD BEHAVIOR !!!] +$ qemu-ppc64 powerpc64-linux/lib64/ld-2.17.so ./a.out +Invalid data memory access: 0x00000041988fd008 +NIP 000000400001cb2c LR 000000400001cc30 CTR 0000000000000000 XER 0000000000000000 +MSR 8000000002006000 HID0 0000000060000000 HF 8000000002006000 idx 0 +TB 00000000 00000000 +GPR00 0000000000000000 000000400083a220 0000004000041230 00000043309bd010 +GPR04 0000004000026f12 000000000000000b 000000000000002e 000000000000002e +GPR08 0000000000000030 000000008803fffc 00000041988fcff4 0000000000000037 +GPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +GPR16 0000000000000000 000000400003a4d8 000000400083a6d0 000000400083a6d8 +GPR20 000000400003a898 000000000000000a 0000000000000000 00000043309bd010 +GPR24 0000004000037b60 00000000cfe8ced7 000000400003a430 0000000010000261 +GPR28 00000001980bfff4 0000000000000000 000000004401ffff 000000002200ffff +CR 22242224 [ E E E G E E E G ] RES ffffffffffffffff +FPR00 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +FPR04 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +FPR08 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +FPR12 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +FPR16 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +FPR20 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +FPR24 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +FPR28 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +FPSCR 0000000000000000 +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault + +$ qemu-ppc64 powerpc64-linux/lib64/ld-2.17.so --library-path powerpc64-linux/lib64 ./a.out +Hello, world ! + +---------------- sparc64 ---------------- +$ sparc64-linux-gcc hello.c + +$ qemu-sparc64 ./a.out +/lib64/ld-linux.so.2: No such file or directory + +[BAD BEHAVIOR !!!] +$ qemu-sparc64 sparc64-linux/lib64/ld-2.17.so ./a.out +Segmentation fault + +$ qemu-sparc64 sparc64-linux/lib64/ld-2.17.so --library-path sparc64-linux/lib64 ./a.out +Hello, world ! \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1182490 b/results/classifier/deepseek-r1:32b/output/runtime/1182490 new file mode 100644 index 000000000..2fb9375e6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1182490 @@ -0,0 +1,79 @@ + + + +[qemu-1.5] coroutine-win32.c broken on NULL pointer + +Program received signal SIGSEGV, Segmentation fault. +[Switching to Thread 4340.0x163c] +qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0, from_=0x3ba1c80) + at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47 +(gdb) bt +#0 qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0, + from_=0x3ba1c80) at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47 +#1 coroutine_trampoline (co_=0x3ba1c80) + at /home/cauchy/vcs/git/qemu/coroutine-win32.c:58 +#2 0x0000000077098fed in ?? () +#3 0x0000000000000000 in ?? () +(gdb) +(gdb) info registers +rax 0x0 0 +rbx 0x3ba1c80 62528640 +rcx 0x0 0 +rdx 0x0 0 +rsi 0x770b28d0 1997220048 +rdi 0x3ba1b38 62528312 +rbp 0x0 0x0 +rsp 0xc0bff60 0xc0bff60 +r8 0x3184c0 3245248 +r9 0x43e31a 4449050 +r10 0x0 0 +r11 0x206 518 +r12 0x0 0 +r13 0x0 0 +r14 0x0 0 +r15 0x0 0 +rip 0x43e2cd 0x43e2cd <coroutine_trampoline+61> +eflags 0x10206 [ PF IF RF ] +cs 0x33 51 +ss 0x2b 43 +ds 0x0 0 +es 0x0 0 +fs 0x0 0 +gs 0x0 0 +(gdb) disassemble +Dump of assembler code for function coroutine_trampoline: + 0x000000000043e290 <+0>: push %rdi + 0x000000000043e291 <+1>: push %rsi + 0x000000000043e292 <+2>: push %rbx + 0x000000000043e293 <+3>: sub $0x30,%rsp + 0x000000000043e297 <+7>: mov %rcx,%rbx + 0x000000000043e29a <+10>: lea 0x26dc1f(%rip),%rcx # +0x6abec0 <__emutls_v.current> + 0x000000000043e2a1 <+17>: mov 0x6868dd68(%rip),%rax # 0x68acc010 + 0x000000000043e2a8 <+24>: mov %rax,0x28(%rsp) + 0x000000000043e2ad <+29>: xor %eax,%eax + 0x000000000043e2af <+31>: callq 0x695808 <__emutls_get_address> + 0x000000000043e2b4 <+36>: mov 0x9090d9(%rip),%rsi # +0xd47394 <__imp_SwitchToFiber> + 0x000000000043e2bb <+43>: mov %rax,%rdi + 0x000000000043e2be <+46>: xchg %ax,%ax + 0x000000000043e2c0 <+48>: mov 0x8(%rbx),%rcx + 0x000000000043e2c4 <+52>: callq *(%rbx) + 0x000000000043e2c6 <+54>: mov 0x10(%rbx),%rdx + 0x000000000043e2ca <+58>: mov %rdx,(%rdi) +=> 0x000000000043e2cd <+61>: movl $0x2,0x38(%rdx) + 0x000000000043e2d4 <+68>: mov 0x30(%rdx),%rcx + 0x000000000043e2d8 <+72>: callq *%rsi + 0x000000000043e2da <+74>: jmp 0x43e2c0 <coroutine_trampoline+48> +End of assembler dump. +(gdb) + + +From: + +qemu_coroutine_switch (action=COROUTINE_TERMINATE, to_=0x0, from_=0x3ba1c80) + at /home/cauchy/vcs/git/qemu/coroutine-win32.c:47 + +We can see qemu_coroutine_switch was call with to_=NULL, then crashed at line 47: + +to->action = action; \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1187319 b/results/classifier/deepseek-r1:32b/output/runtime/1187319 new file mode 100644 index 000000000..7216dc4d2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1187319 @@ -0,0 +1,11 @@ + + + +Ctrl-Alt-- and Ctrl-Alt-+ have no effect in SDL + +The manual page mentions Ctrl-Alt-- for shrinking a window and Ctrl-Alt-+ for enlarging it. Pressing these keys do not seem to have any effect. + +I tried -/= with and without holding shift and the numpad. By the way, the numpad plus and min do not have any effect in GTK either. + +Keyboard layout: US int with AltGr dead keys +version: 1.5.0 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1207896 b/results/classifier/deepseek-r1:32b/output/runtime/1207896 new file mode 100644 index 000000000..03d4dc725 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1207896 @@ -0,0 +1,6 @@ + + + +binfmt wrapper for argv[0] handling + +Please, add patch https://lists.gnu.org/archive/html/qemu-devel/2011-09/msg03841.html to upstream. 2 years have passed and this patch is not jet applied. Why? 99% GNU/Linux distribution uses qemu with this patch. It is 100% needed. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1209 b/results/classifier/deepseek-r1:32b/output/runtime/1209 new file mode 100644 index 000000000..c77928700 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1209 @@ -0,0 +1,8 @@ + + + +Optionally do not clear the screen when starting a VM +Additional information: +``` +QEMU emulator version 6.2.0 (qemu-6.2.0-14.fc36) +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1211 b/results/classifier/deepseek-r1:32b/output/runtime/1211 new file mode 100644 index 000000000..496c499ac --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1211 @@ -0,0 +1,10 @@ + + + +Bad fonts in "cirrus" VGA card. +Description of problem: +Similar to #988. Fixed by set "no_bitblt" and "sw_cursor" in XF86Config file. +Steps to reproduce: +Similar to #988. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1221966 b/results/classifier/deepseek-r1:32b/output/runtime/1221966 new file mode 100644 index 000000000..0da40dbc9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1221966 @@ -0,0 +1,37 @@ + + + +SIGSEGV in static_code_gen_buffer + +Trying to run 'ls' (or, anything else as far as I can tell) from a SunOS 5.8 box under RHEL 6.4 linux, I get a segfault. I've tried qemu-1.5.3, qemu-1.6.0, and I fetched git://git.qemu-project.org/qemu.git. I've also tried a statically linked sh from /sbin/ and it also segfaulted. + +wcolburn@anotheruvula</home/anotheruvula/qemu>$ gdb bin/qemu-sparc +GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1) +Copyright (C) 2010 Free Software Foundation, Inc. +License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. Type "show copying" +and "show warranty" for details. +This GDB was configured as "x86_64-redhat-linux-gnu". +For bug reporting instructions, please see: +<http://www.gnu.org/software/gdb/bugs/>... +Reading symbols from /home/anotheruvula/qemu/bin/qemu-sparc...done. +(gdb) run ../sparc/ls +Starting program: /home/anotheruvula/qemu/bin/qemu-sparc ../sparc/ls +[Thread debugging using libthread_db enabled] + +Program received signal SIGSEGV, Segmentation fault. +0x00007ffff8259116 in static_code_gen_buffer () +Missing separate debuginfos, use: debuginfo-install glib2-2.22.5-7.el6.x86_64 glibc-2.12-1.107.el6_4.4.x86_64 +(gdb) where +#0 0x00007ffff8259116 in static_code_gen_buffer () +#1 0x00007ffff7f570cd in cpu_tb_exec (cpu=0x7ffffa2b1210, tb_ptr= + 0x7ffff82590d0 "A\213n \205í\017\205Í") + at /home/anotheruvula/qemu-devel/cpu-exec.c:56 +#2 0x00007ffff7f57b2d in cpu_sparc_exec (env=0x7ffffa2b1348) + at /home/anotheruvula/qemu-devel/cpu-exec.c:631 +#3 0x00007ffff7f77f36 in cpu_loop (env=0x7ffffa2b1348) + at /home/anotheruvula/qemu-devel/linux-user/main.c:1089 +#4 0x00007ffff7f798ff in main (argc=2, argv=0x7fffffffdfc8, envp= + 0x7fffffffdfe0) at /home/anotheruvula/qemu-devel/linux-user/main.c:4083 +(gdb) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1228 b/results/classifier/deepseek-r1:32b/output/runtime/1228 new file mode 100644 index 000000000..e3d920faa --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1228 @@ -0,0 +1,46 @@ + + + +-display curses only recognizes escape characters if pressed very quickly +Description of problem: +The system start and runs perfectly fine, but when I try to exit the escape commands does not seem to work. + +I have tried all the ones from here: +https://www.qemu.org/docs/master/system/keys.html +https://www.qemu.org/docs/master/system/mux-chardev.html + +When using the graphical display, the escape characters works as expected but when using -display curses, they do not. +Steps to reproduce: +1. Start qemu with the command provided +2. Try to exit using ctrl + x a - Not working +3. Try to exit using alt + 2 - Not working + +The same issues occurs when running qemu on a Linux machine (Ubunt) via Visual Studio Code / ssh. + +I'm guessing this is a macOS specific issue or maybe something to do with my Locale (sv-SE). +Additional information: +Linux 0.01 build: +https://github.com/mariuz/linux-0.01 + +**Tests using showkey** + +Alt + 2 from mobile ssh client (Terminus) -> Ubuntu machine +``` +^[2 27 0033 0x1b + 50 0062 0x32 +``` + +Option + 2 from macOS Terminal + ssh -> Ubuntu machine +``` +@ 64 0100 0x40 +``` + +Esc + 2 from macOS Terminal + ssh -> Ubuntu machine +``` +^[ 27 0033 0x1b +2 50 0062 0x32 +``` + +**Update** + +It seems to work if I press ESC + 2 at exactly the same time. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1233225 b/results/classifier/deepseek-r1:32b/output/runtime/1233225 new file mode 100644 index 000000000..0a7a2516c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1233225 @@ -0,0 +1,27 @@ + + + +mips/mipsel linux user float division problem + +Hi, + +I tested the following with the qemu git HEAD as of 2013-09-30 on Debian stable and testing. My host runs amd64 but I also tried this out inside a i386 chroot with the same result. The problem occurs for mips and mipsel. Given the following program: + +#include <stdio.h> +int main(int argc, char **argv) +{ + int a = 1; + double d = a/2.0; + printf("%f\n", d); + return 0; +} + +Instead of printing 0.5, it will print 2.0 if executed in qemu user mode. + +$ mipsel-linux-gnu-gcc mipstest.c +$ ~/qemu/mipsel-linux-user/qemu-mipsel ./a.out +2.0 + +Expecting this to be a problem with my cross compiler (gcc-4.4 from emdebian) I ran a fully emulated debian squeeze environment inside qemu. There, I compiled the same program natively with gcc and as expected got 0.5 as the output. I also copied the cross compiled binary inside the emulated environment and also got 0.5 when I ran it. So the same mips/mipsel binary produces different output depending on whether it is run in a fully emulated environment or qemu user mode. + +Can anybody else reproduce this problem? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1245703 b/results/classifier/deepseek-r1:32b/output/runtime/1245703 new file mode 100644 index 000000000..29fde6870 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1245703 @@ -0,0 +1,12 @@ + + + +LD_PREFIX option reads directories recursively in an endless loop + +If I run qemu user emulation with -L /path/to/my/sysroot/ in which also the proc and dev filesystem is mounted QEMU eats my memory until it gets killed by the kernel. + +According to the strace output it follows the symbolic links in the proc filesystem running forever in a recursive loop. + +The easiest solution would be to add in the function "add_dir_maybe" in the file util/path.c an additional check for symbolic links that it don't follow them. + +Also I don't really understand the need of doing this. A lot of ressources are wasted everytime QEMU-user is started just by having the directory structure in memory. In my case this are more than 20000 entries which QEMU is loading every time. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1246990 b/results/classifier/deepseek-r1:32b/output/runtime/1246990 new file mode 100644 index 000000000..9b2c6b07d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1246990 @@ -0,0 +1,41 @@ + + + +[qemu-x86-64-linux-user 1.6.1] qemu: uncaught target signal 11 (Segmentation fault) - core dumped + +Rjsupplicant is an authentication client of Campus Network in most universities in China. Its Linux version has only x86 and amd64 version. + +On linux: + +./qemu-x86_64 is compiled from latest qemu 1.6.1, with ./configure options: --enable-debug --target-list=x86_64-linux-user . Compiler is gcc version 4.7.3 (Debian 4.7.3-4) + +$ sudo ./qemu-x86_64 ./rjsupplicant -n eth0 -u USER -p PASS -d 1 -s internet +qemu: uncaught target signal 11 (Segmentation fault) - core dumped + +$ sudo gdb ./qemu-x86_64 +(gdb) r ./rjsupplicant -n eth0 -u USER -p PASS -d 1 -s internet +(gdb) where +#0 0x00005555559c21bd in static_code_gen_buffer () +#1 0x00005555555b74d5 in cpu_tb_exec (cpu=0x555557972580, tb_ptr=0x5555559c2190 <static_code_gen_buffer+819792> "A\213n\250\205\355\017\205\257") + at /home/USER/x/rjsupplicant/x64/qemu-1.6.1/cpu-exec.c:56 +#2 0x00005555555b817d in cpu_x86_exec (env=0x5555579726b0) at /home/USER/x/rjsupplicant/x64/qemu-1.6.1/cpu-exec.c:631 +#3 0x00005555555d997a in cpu_loop (env=0x5555579726b0) at /home/USER/x/rjsupplicant/x64/qemu-1.6.1/linux-user/main.c:283 +#4 0x00005555555eca6b in clone_func (arg=0x7fffffffc1d0) at /home/USER/x/rjsupplicant/x64/qemu-1.6.1/linux-user/syscall.c:4266 +#5 0x00007ffff71bfe0e in start_thread (arg=0x7ffff7f04700) at pthread_create.c:311 +#6 0x00007ffff6ef493d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113 + +$ file rjsupplicant +rjsupplicant: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.9, not stripped + +$ uname -r +3.10-2-amd64 + + +And it can be run on Linux amd64 successfully. + +Though I don't have the source code of rjsupplicant, so I don't have further information. + +`qemu-x86_64 -strace ./rjsupplicant -n eth0 -u USER -p PASS -d 1 -s internet` is attached as strace_qemu.log + + +The binary is available to download at http://ge.tt/6pgG1tw/v/0 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1248 b/results/classifier/deepseek-r1:32b/output/runtime/1248 new file mode 100644 index 000000000..49134e68b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1248 @@ -0,0 +1,14 @@ + + + +s390x: glibc widestring algorithms broken +Description of problem: +Several wide-string functions from glibc are broken und qemu user emulation. +Affected are at least: `wcsbrk()`, `wcsspn()` and `wcscspn()`. All of these are implemented in optimized assembler in glibc. + +Unfortunately I don't have access to the real hardware to check the behavior there. But it would probably been detected by now. +Also I don't know which instructions exactly don't work, as I don't have any knowledge about s390x assembler. +Steps to reproduce: +1. Compile the test program above +2. Run the program +3. Output is `0`, should be `1`. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1254672 b/results/classifier/deepseek-r1:32b/output/runtime/1254672 new file mode 100644 index 000000000..bfb059d9e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1254672 @@ -0,0 +1,44 @@ + + + +ps segfaults with qemu-{arm,armel,mips,powerpc}-static + +Host: Ubuntu Precise AMD64 +Guest: Debian Testing armhf + +After running a debootstrap for Debian testing/armhf and entering the chroot, simply running "ps" causes a segmentation fault. + +$ sudo qemu-debootstrap --arch=armhf testing armhf http://ftp.uk.debian.org/debian/ +[...] +$ sudo chroot armhf +# ps +Signal 11 (SEGV) caught by ps (procps-ng version 3.3.4). +/bin/ps:display.c:59: please report this bug + +I couldn't find a bug report for procps, which would be unusual if such a bug existed, so I'm assuming the bug is in qemu. + +Unfortunately trying to run debootstrap for an Ubuntu variant fails to find the release file. + +ps is used a lot, as you can imagine, but specifically it fails when trying to install some packages via "apt-get install" and no attempt is made to recover. + +ProblemType: Bug +DistroRelease: Ubuntu 12.04 +Package: qemu-user-static 1.0.50-2012.03-0ubuntu2.1 +ProcVersionSignature: Ubuntu 3.8.0-33.48~precise1-generic 3.8.13.11 +Uname: Linux 3.8.0-33-generic x86_64 +NonfreeKernelModules: wl +ApportVersion: 2.0.1-0ubuntu17.6 +Architecture: amd64 +Date: Mon Nov 25 10:43:12 2013 +Dependencies: + +InstallationMedia: Ubuntu 12.04.3 LTS "Precise Pangolin" - Release amd64 (20130820.1) +MarkForUpload: True +ProcEnviron: + LANGUAGE=en_GB:en + TERM=xterm + PATH=(custom, no user) + LANG=en_GB.UTF-8 + SHELL=/bin/bash +SourcePackage: qemu-linaro +UpgradeStatus: No upgrade log present (probably fresh install) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1254828 b/results/classifier/deepseek-r1:32b/output/runtime/1254828 new file mode 100644 index 000000000..b8ef18853 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1254828 @@ -0,0 +1,40 @@ + + + +qemu-sparc64-static: Segmentation Fault during debootstrap second stage + +Host: Ubuntu Precise amd64 +Guest: Debian Sid (ports) sparc64 + +When attempting the second stage of a debootstrap for a sparc64 Debian Sid guest, a segmentation fault occurs. + +$ sudo qemu-debootstrap --no-check-gpg --arch=sparc64 sid sparc64 http://ftp.debian-ports.org/debian +I: Running command: debootstrap --arch sparc64 --foreign --no-check-gpg sid sparc64 http://ftp.debian-ports.org/debian +[...] +I: Running command: chroot sparc64 /debootstrap/debootstrap --second-stage +/debootstrap/debootstrap: 22: .: Can't open /usr/share/debootstrap/functions +Segmentation fault (core dumped) + +Running a simple "sudo chroot sparc64" exits silently on amd64, and reports a segfault on i386. + +ProblemType: Bug +DistroRelease: Ubuntu 12.04 +Package: qemu-user-static 1.0.50-2012.03-0ubuntu2.1 +ProcVersionSignature: Ubuntu 3.8.0-33.48~precise1-generic 3.8.13.11 +Uname: Linux 3.8.0-33-generic x86_64 +NonfreeKernelModules: wl +ApportVersion: 2.0.1-0ubuntu17.6 +Architecture: amd64 +Date: Mon Nov 25 17:49:34 2013 +Dependencies: + +InstallationMedia: Ubuntu 12.04.3 LTS "Precise Pangolin" - Release amd64 (20130820.1) +MarkForUpload: True +ProcEnviron: + LANGUAGE=en_GB:en + TERM=xterm + PATH=(custom, no user) + LANG=en_GB.UTF-8 + SHELL=/bin/bash +SourcePackage: qemu-linaro +UpgradeStatus: No upgrade log present (probably fresh install) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1255 b/results/classifier/deepseek-r1:32b/output/runtime/1255 new file mode 100644 index 000000000..bf1cc937e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1255 @@ -0,0 +1,14 @@ + + + +32bit qemu-arm fails to run systemctl "Allocating guest commpage: Cannot allocate memory" +Description of problem: +I am using a bare minimal install of the latest 32 bit version of debian with only ssh installed. I have compiled qemu from the latest git with "./configure --target-list=arm-linux-user --static --disable-pie". When I try to run systemctl from the latest version of raspbian, I experience the error: "Allocating guest commpage: Cannot allocate memory". +Steps to reproduce: +1. Download and extract the included systemctl and required libs. [systemctl+libs.tgz](/uploads/a2834ed651a981fded4bcc19ea9ca31b/systemctl+libs.tgz) +2. run "qemu-arm -L ./ systemctl --version" +Additional information: +- I think this is related to [Issue 690](https://gitlab.com/qemu-project/qemu/-/issues/690). +- When I run "qemu-arm -L ./ -B 0x20000 systemctl --version" there is no error. +- The error still happens when setting vm.mmap_min_addr to 0. +- The error does not occur on v5.0.0, but does occur on v5.1.0 and v6.1.0. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1261743 b/results/classifier/deepseek-r1:32b/output/runtime/1261743 new file mode 100644 index 000000000..63b65d984 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1261743 @@ -0,0 +1,8 @@ + + + +trace-backend "simple" doesn't support "disable" property of event + +trace-backend "simple" generates wrong eventid in trace/generated-tracers.c after "disable" property occured in trace-events record. + +Result: missing or mixing logs in trace file. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1263747 b/results/classifier/deepseek-r1:32b/output/runtime/1263747 new file mode 100644 index 000000000..3dfdf616c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1263747 @@ -0,0 +1,32 @@ + + + +Arm64 fails to run a binary which runs OK on real hardware + +This binary: + +http://oirase.annexia.org/tmp/test.gz + +runs OK on real aarch64 hardware. It is a statically linked Linux binary which (if successful) will print "hello, world" and exit cleanly. + +On qemu-arm64 userspace emulator it doesn't print anything and loops forever using 100% CPU. + +---- +The following section is only if you wish to compile this binary from source, otherwise you can ignore it. + +First compile OCaml from: + +https://github.com/ocaml/ocaml + +(note you have to compile it on aarch64 or in qemu, it's not possible to cross-compile). You will have to apply the one-line patch from: + +https://sympa.inria.fr/sympa/arc/caml-list/2013-12/msg00179.html + + ./configure + make -j1 world.opt + +Then do: + + echo 'print_endline "hello, world"' > test.ml + ./boot/ocamlrun ./ocamlopt -I stdlib stdlib.cmxa test.ml -o test + ./test \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1267 b/results/classifier/deepseek-r1:32b/output/runtime/1267 new file mode 100644 index 000000000..c27f29476 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1267 @@ -0,0 +1,96 @@ + + + +qemu-i386 missing VDSO +Description of problem: +Qemu crashes with a segmentation fault when running any binary using qemu-i386. Steps to reproduce are trivial, simply run `qemu-user ./test`. The file is here: [test](/uploads/fe0d498713e79d7e39f417e69ad64c2f/test). Basically any binary compiled with `GOARCH=386` using [TinyGo](https://tinygo.org/) should reproduce this issue. +I also tried some trivial Go compiled binary and they also crash, but this time with an internal Go error that suggests something is terribly broken over there too: `fatal error: mallocgc called without a P or outside bootstrapping` + +Interestingly, qemu-x86_64 and qemu-arm appear to work just fine. + +Unfortunately I couldn't get a good backtrace on newer versions. It looks like this in the git version, which I doubt is correct: + +``` +~/src/qemu/build$ /bin/lldb ./qemu-i386 +(lldb) target create "./qemu-i386" +Current executable set to '/home/ayke/src/qemu/build/qemu-i386' (aarch64). +(lldb) run /home/ayke/src/tinygo/tinygo/test +Process 97986 launched: '/home/ayke/src/qemu/build/qemu-i386' (aarch64) +Process 97986 stopped +* thread #1, name = 'qemu-i386', stop reason = unknown crash reason + frame #0: 0x0000fffff78fb9fc libc.so.6`__sigsuspend + 92 +libc.so.6`__sigsuspend: +-> 0xfffff78fb9fc <+92>: svc #0 + 0xfffff78fba00 <+96>: cmn x0, #0x1, lsl #12 ; =0x1000 + 0xfffff78fba04 <+100>: b.hi 0xfffff78fba3c ; <+156> + 0xfffff78fba08 <+104>: mov w19, w0 +(lldb) bt +* thread #1, name = 'qemu-i386', stop reason = unknown crash reason + * frame #0: 0x0000fffff78fb9fc libc.so.6`__sigsuspend + 92 + frame #1: 0x0000aaaaaabfcedc qemu-i386`dump_core_and_abort(target_sig=11) at signal.c:745:5 + frame #2: 0x0000aaaaaabfc128 qemu-i386`handle_pending_signal(cpu_env=0x0000aaaaaae5d2e0, sig=11, k=0x0000aaaaaae68af8) at signal.c:1061:13 + frame #3: 0x0000aaaaaabfbe48 qemu-i386`process_pending_signals(cpu_env=0x0000aaaaaae5d2e0) at signal.c:1141:13 + frame #4: 0x0000aaaaaaae5a04 qemu-i386`cpu_loop(env=0x0000aaaaaae5d2e0) at cpu_loop.c:315:9 + frame #5: 0x0000aaaaaabf5e7c qemu-i386`main(argc=2, argv=0x0000ffffffffecd8, envp=0x0000ffffffffecf0) at main.c:925:5 + frame #6: 0x0000fffff78e7b80 libc.so.6`___lldb_unnamed_symbol2945 + 112 + frame #7: 0x0000fffff78e7c60 libc.so.6`__libc_start_main + 160 + frame #8: 0x0000aaaaaaae0430 qemu-i386`_start at start.S:81 +(lldb) ^D +``` + +I got a better (but still not great) backtrace in Qemu 7.0.0: + +``` +~/src/tinygo/tinygo$ /bin/lldb qemu-i386 +(lldb) target create "qemu-i386" +Current executable set to 'qemu-i386' (aarch64). +(lldb) run test +Process 98106 launched: '/usr/bin/qemu-i386' (aarch64) +Process 98106 stopped +* thread #1, name = 'qemu-i386', stop reason = signal SIGSEGV: address access protected (fault address: 0x8000) + frame #0: 0x0000aaaaaac4b564 qemu-i386`cpu_ldub_code + 32 +qemu-i386`cpu_ldub_code: +-> 0xaaaaaac4b564 <+32>: ldrb w0, [x0, w1, uxtw] + 0xaaaaaac4b568 <+36>: str xzr, [x2] + 0xaaaaaac4b56c <+40>: ret + +qemu-i386`cpu_lduw_code: + 0xaaaaaac4b570 <+0>: mrs x2, TPIDR_EL0 +(lldb) bt +* thread #1, name = 'qemu-i386', stop reason = signal SIGSEGV: address access protected (fault address: 0x8000) + * frame #0: 0x0000aaaaaac4b564 qemu-i386`cpu_ldub_code + 32 + frame #1: 0x0000aaaaaac4a4a8 qemu-i386`translator_ldub_swap + 72 + frame #2: 0x0000aaaaaabe6714 qemu-i386`___lldb_unnamed_symbol6310 + 144 + frame #3: 0x0000aaaaaabed2e8 qemu-i386`___lldb_unnamed_symbol6311 + 24 + frame #4: 0x0000aaaaaac4a040 qemu-i386`translator_loop + 400 + frame #5: 0x0000aaaaaabed5a8 qemu-i386`gen_intermediate_code + 72 + frame #6: 0x0000aaaaaac486ec qemu-i386`tb_gen_code + 364 + frame #7: 0x0000aaaaaac43068 qemu-i386`cpu_exec + 1480 + frame #8: 0x0000aaaaaabaa4b0 qemu-i386`cpu_loop + 208 + frame #9: 0x0000aaaaaab8cb54 qemu-i386`main + 2020 + frame #10: 0x0000fffff7687b80 libc.so.6`___lldb_unnamed_symbol2945 + 112 + frame #11: 0x0000fffff7687c60 libc.so.6`__libc_start_main + 160 + frame #12: 0x0000aaaaaab8d3b0 qemu-i386`_start + 48 +(lldb) ^D +``` + +And an even better backtrace for an even older version (5.2.0). Though I should note that this GDB also had an assertion failue, but the backtrace looks reasonable: + +``` +#0 0x0000aaaaaaba7804 in cpu_ldub_code (env=env@entry=0x0, ptr=0) at ../../accel/tcg/user-exec.c:1170 +#1 0x0000aaaaaab40d04 in translator_ldub_swap (do_swap=false, pc=<optimized out>, env=<optimized out>) at ./include/exec/translator.h:176 +#2 translator_ldub (pc=<optimized out>, env=<optimized out>) at ./include/exec/translator.h:176 +#3 x86_ldub_code (env=env@entry=0xaaaaaad809f0, s=s@entry=0xffffffffe990) at ../../target/i386/translate.c:1916 +#4 0x0000aaaaaab51670 in disas_insn (s=s@entry=0xffffffffe990, cpu=<optimized out>, cpu=<optimized out>) at ../../target/i386/translate.c:4506 +#5 0x0000aaaaaab5e1c8 in i386_tr_translate_insn (dcbase=0xffffffffe990, cpu=<optimized out>) at ../../target/i386/translate.c:8569 +#6 0x0000aaaaaabbc9f4 in translator_loop (ops=0xaaaaaacd62b0 <i386_tr_ops>, db=0xffffffffe990, cpu=0xaaaaaad786a0, tb=<optimized out>, max_insns=<optimized out>) + at ../../accel/tcg/translator.c:103 +#7 0x0000aaaaaab5e470 in gen_intermediate_code (cpu=cpu@entry=0xaaaaaad786a0, tb=tb@entry=0xffffe8007f00, max_insns=max_insns@entry=512) + at ../../target/i386/translate.c:8631 +#8 0x0000aaaaaabcd54c in tb_gen_code (cpu=cpu@entry=0xaaaaaad786a0, pc=pc@entry=0, cs_base=cs_base@entry=0, flags=flags@entry=4194483, cflags=-16777216, + cflags@entry=0) at ../../accel/tcg/translate-all.c:1744 +#9 0x0000aaaaaabbe2a8 in tb_find (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0xaaaaaad786a0) at ../../accel/tcg/cpu-exec.c:414 +#10 cpu_exec (cpu=cpu@entry=0xaaaaaad786a0) at ../../accel/tcg/cpu-exec.c:770 +#11 0x0000aaaaaab3a438 in cpu_loop (env=env@entry=0xaaaaaad809f0) at ../../linux-user/i386/cpu_loop.c:207 +#12 0x0000aaaaaab1df00 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at ../../linux-user/main.c:882 +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1285363 b/results/classifier/deepseek-r1:32b/output/runtime/1285363 new file mode 100644 index 000000000..c16a45f34 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1285363 @@ -0,0 +1,48 @@ + + + +qemu-aarch64-static segfaults + +I've found a couple conditions that causes qemu-user-static to core dump fairly reliably - same with upstream git - while a binary built from suse's aarch64-1.6 branch seems to consistently work fine. + +Testing suggests they are resolved by the sigprocmask wrapper patches included in suse's tree. + + 1) dh_fixperms is a script that commonly runs at the end of a package build. + Its basically doing a `find | xargs chmod`. + 2) debootstrap --second-stage + This is used to configure an arm64 chroot that was built using + debootstrap on a non-native host. It is basically invoking a bunch of + shell scripts (postinst, etc). When it blows up, the stack consistently + looks like this: + +Core was generated by `/usr/bin/qemu-aarch64-static /bin/sh -e +/debootstrap/debootstrap --second-stage'. +Program terminated with signal SIGSEGV, Segmentation fault. +#0 0x0000000060058e55 in memcpy (__len=8, __src=0x7fff62ae34e0, +__dest=0x400082c330) at +/usr/include/x86_64-linux-gnu/bits/string3.h:51 +51 return __builtin___memcpy_chk (__dest, __src, __len, __bos0 (__dest)); +(gdb) bt +#0 0x0000000060058e55 in memcpy (__len=8, __src=0x7fff62ae34e0, +__dest=0x400082c330) at +/usr/include/x86_64-linux-gnu/bits/string3.h:51 +#1 stq_p (v=274886476624, ptr=0x400082c330) at +/mnt/qemu.upstream/include/qemu/bswap.h:280 +#2 stq_le_p (v=274886476624, ptr=0x400082c330) at +/mnt/qemu.upstream/include/qemu/bswap.h:315 +#3 target_setup_sigframe (set=0x7fff62ae3530, env=0x62d9c678, +sf=0x400082b0d0) at /mnt/qemu.upstream/linux-user/signal.c:1167 +#4 target_setup_frame (usig=usig@entry=17, ka=ka@entry=0x604ec1e0 +<sigact_table+512>, info=info@entry=0x0, set=set@entry=0x7fff62ae3530, +env=env@entry=0x62d9c678) + at /mnt/qemu.upstream/linux-user/signal.c:1286 +#5 0x0000000060059f46 in setup_frame (env=0x62d9c678, +set=0x7fff62ae3530, ka=0x604ec1e0 <sigact_table+512>, sig=17) at +/mnt/qemu.upstream/linux-user/signal.c:1322 +#6 process_pending_signals (cpu_env=cpu_env@entry=0x62d9c678) at +/mnt/qemu.upstream/linux-user/signal.c:5747 +#7 0x0000000060056e60 in cpu_loop (env=env@entry=0x62d9c678) at +/mnt/qemu.upstream/linux-user/main.c:1082 +#8 0x0000000060005079 in main (argc=<optimized out>, argv=<optimized +out>, envp=<optimized out>) at +/mnt/qemu.upstream/linux-user/main.c:4374 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1287195 b/results/classifier/deepseek-r1:32b/output/runtime/1287195 new file mode 100644 index 000000000..c16f930d1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1287195 @@ -0,0 +1,6 @@ + + + +validate_guest_space incorrectly enabled on AArch64 + +When running linux-user targetting AArch64, validate_guest_space() in elfload.c reserves space in the guest address space for the ARM commpage. Since there is no commpage on AArch64, this function should be disable on that target. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1294898 b/results/classifier/deepseek-r1:32b/output/runtime/1294898 new file mode 100644 index 000000000..ac8e8197d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1294898 @@ -0,0 +1,81 @@ + + + +gtk: menubar visible in fullscreen mode with gtk3 + +Using the gtk UI, compiled with gtk3, the menu bar is fully visible in full screen mode. On gtk2 it's hidden. The set_size_request call isn't abided on gtk3 it seems. + +Simple fix is: + +diff --git a/ui/gtk.c b/ui/gtk.c +index 66e886f..7b3bd3d 100644 +--- a/ui/gtk.c ++++ b/ui/gtk.c +@@ -805,7 +805,7 @@ static void gd_menu_full_screen(GtkMenuItem *item, void *opaque) + + if (!s->full_screen) { + gtk_notebook_set_show_tabs(GTK_NOTEBOOK(s->notebook), FALSE); +- gtk_widget_set_size_request(s->menu_bar, 0, 0); ++ gtk_widget_hide(s->menu_bar); + gtk_widget_set_size_request(s->drawing_area, -1, -1); + gtk_window_fullscreen(GTK_WINDOW(s->window)); + if (gd_on_vga(s)) { +@@ -815,7 +815,7 @@ static void gd_menu_full_screen(GtkMenuItem *item, void *opaque) + } else { + gtk_window_unfullscreen(GTK_WINDOW(s->window)); + gd_menu_show_tabs(GTK_MENU_ITEM(s->show_tabs_item), s); +- gtk_widget_set_size_request(s->menu_bar, -1, -1); ++ gtk_widget_show(s->menu_bar); + gtk_widget_set_size_request(s->drawing_area, + surface_width(s->ds), + surface_height(s->ds)); + + +The problem with that is that hiding the menu bar means all its associated accelerators are no longer usable, so there's way to exit fullscreen mode. That's kind of a problem :) + +We can install the accelerators on the window, but make sure the menu item still shows the accelerator short cut. Example with the fullscreen accelerator: + +diff --git a/ui/gtk.c b/ui/gtk.c +index 66e886f..fbce2b0 100644 +--- a/ui/gtk.c ++++ b/ui/gtk.c +@@ -799,7 +799,7 @@ static void gd_menu_show_tabs(GtkMenuItem *item, void *opaque) + } + } + +-static void gd_menu_full_screen(GtkMenuItem *item, void *opaque) ++static void gd_do_full_screen(void *opaque) + { + GtkDisplayState *s = opaque; + +@@ -828,6 +828,11 @@ static void gd_menu_full_screen(GtkMenuItem *item, void *opaque) + gd_update_cursor(s, FALSE); + } + ++static void gd_menu_full_screen(GtkMenuItem *item, void *opaque) ++{ ++ gd_do_full_screen(opaque); ++} ++ + static void gd_menu_zoom_in(GtkMenuItem *item, void *opaque) + { + GtkDisplayState *s = opaque; +@@ -1304,10 +1309,11 @@ static GtkWidget *gd_create_menu_view(GtkDisplayState *s, GtkAccelGroup *accel_g + gtk_menu_set_accel_group(GTK_MENU(view_menu), accel_group); + + s->full_screen_item = gtk_menu_item_new_with_mnemonic(_("_Fullscreen")); +- gtk_menu_item_set_accel_path(GTK_MENU_ITEM(s->full_screen_item), +- "<QEMU>/View/Full Screen"); +- gtk_accel_map_add_entry("<QEMU>/View/Full Screen", GDK_KEY_f, +- HOTKEY_MODIFIERS); ++ gtk_accel_group_connect(accel_group, GDK_KEY_f, HOTKEY_MODIFIERS, 0, ++ g_cclosure_new_swap(G_CALLBACK(gd_do_full_screen), s, NULL)); ++ gtk_accel_label_set_accel( ++ GTK_ACCEL_LABEL(gtk_bin_get_child(GTK_BIN(s->full_screen_item))), ++ GDK_KEY_f, HOTKEY_MODIFIERS); + gtk_menu_shell_append(GTK_MENU_SHELL(view_menu), s->full_screen_item); + + separator = gtk_separator_menu_item_new(); + + +However gtk_accel_label_set_accel, which shows the accel key sequence in the menu, is gtk 3.8+ :/ So older versions wouldn't have any visual indication of the shortcuts. Maybe that's not a problem, SDL didn't have any indication of shortcuts either. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1311614 b/results/classifier/deepseek-r1:32b/output/runtime/1311614 new file mode 100644 index 000000000..35739fc7a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1311614 @@ -0,0 +1,50 @@ + + + +qemu-arm segfaults with gcc 4.9.0 + +I have an ARM chroot that working with qemu-arm emulation + +[root@filzbach fedya]# cat /proc/sys/fs/binfmt_misc/arm +enabled +interpreter /usr/bin/qemu-arm-binfmt +flags: P +offset 0 +magic 7f454c4601010100000000000000000002002800 +mask ffffffffffffff00fffffffffffffffffeffffff + + +In chroot installed gcc dependencies with 4.9.0 version + +sudo rpm --root /home/fedya/root/ -qa | grep 4.9.0 + +libgcc1-4.9.0_2014.04-1-omv2013.0.armv7hl +libgomp1-4.9.0_2014.04-1-omv2013.0.armv7hl +libstdc++6-4.9.0_2014.04-1-omv2013.0.armv7hl +gcc-4.9.0_2014.04-1-omv2013.0.armv7hl +gcc-cpp-4.9.0_2014.04-1-omv2013.0.armv7hl +libstdc++-devel-4.9.0_2014.04-1-omv2013.0.armv7hl +gcc-c++-4.9.0_2014.04-1-omv2013.0.armv7hl + + +When i try to run "rpm" , "rpmbuild", "rpm2cpio"command i always see qemu segfault message + + +example: + +[root@filzbach /]# uname -a +Linux filzbach.lindev.ch 3.13.6-nrjQL-desktop-70omv #1 SMP PREEMPT Wed Mar 12 21:40:00 UTC 2014 armv7l armv7l armv7l GNU/Linux + +[root@filzbach /]# rpm +qemu: uncaught target signal 11 (Segmentation fault) - core dumped + + +Segfault became apparent only after gcc upgrade from 4.8.3 to 4.9.0. + +When i downgrade it to 4.8.3 all working fine again. +It looks like a qemu bug with gcc. + + +P.S. +I tried to rebuild qemu with gcc 4.9.0 +I tried to build qemu from git sources, from fedora sources, from suse sources etc. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1346769 b/results/classifier/deepseek-r1:32b/output/runtime/1346769 new file mode 100644 index 000000000..9e0db9734 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1346769 @@ -0,0 +1,39 @@ + + + +/proc/self/maps content returned to 32-bits guest under 64-bits qemu + +Reading /proc/self/maps a user doesn't get a stack record. Not all programs relies on the maps file but some do. + +The bug found by running 32-bits binaries with address sanitizer (Asan) instrumentations under 64-bit qemu. + +$ echo "int main() { return 0; }" > /tmp/test.c +$ gcc -m32 -fsanitize=address -fno-common -Wall -g -fPIC -o /tmp/test /tmp/test.c +$ qemu-i386-static /tmp/test +==4092==AddressSanitizer CHECK failed: /home/michail/Downloads/gcc-4.9.0/libsanitizer/sanitizer_common/sanitizer_linux_libcdep.cc:63 "(((uptr)&rl >= start && (uptr)&rl < end)) != (0)" (0x0, 0x0) + #0 0xf632ff01 (/home/michail/build/lib32/libasan.so.1+0x53f01) + #1 0xf6333f49 (/home/michail/build/lib32/libasan.so.1+0x57f49) + #2 0xf6338785 (/home/michail/build/lib32/libasan.so.1+0x5c785) + #3 0xf6338bd1 (/home/michail/build/lib32/libasan.so.1+0x5cbd1) + #4 0xf6331baf (/home/michail/build/lib32/libasan.so.1+0x55baf) + #5 0xf6331dca (/home/michail/build/lib32/libasan.so.1+0x55dca) + #6 0xf6331f5a (/home/michail/build/lib32/libasan.so.1+0x55f5a) + #7 0xf6330bd4 (/home/michail/build/lib32/libasan.so.1+0x54bd4) + #8 0xf67ebeec (/lib/ld-linux.so.2+0xeeec) + #9 0xf67de10e (/lib/ld-linux.so.2+0x110e) + +This happened because during initialization Asan can't find stack boundaries. + +For some reasons Qemu wants to report stack boundaries just for several arch targets skipping other ones. This is from linux-user/syscall.c open_self_maps() + +#if defined(TARGET_ARM) || defined(TARGET_M68K) || defined(TARGET_UNICORE32) + dprintf(fd, "%08llx-%08llx rw-p %08llx 00:00 0 [stack]\n", + (unsigned long long)ts->info->stack_limit, + (unsigned long long)(ts->info->start_stack + + (TARGET_PAGE_SIZE - 1)) & TARGET_PAGE_MASK, + (unsigned long long)0); +#endif + +Not very clear why the case covers just specific targets. + +This bug continues the previously reported issue with not hiden system map http://lists.nongnu.org/archive/html/qemu-devel/2014-07/msg02793.html. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1346784 b/results/classifier/deepseek-r1:32b/output/runtime/1346784 new file mode 100644 index 000000000..2395c80f2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1346784 @@ -0,0 +1,70 @@ + + + +qemu internal memory areas visible to a guest via /proc/self/maps + + +Qemu internal memory areas are not suppressed in the output and are visible to a guest via /proc/self/maps. + +$ echo "int main() { return 0; }" > /tmp/test.c +$ gcc -m32 -fsanitize=address -fno-common -Wall -g -fPIC -o /tmp/test /tmp/test.c +$ qemu-i386-static -R 0 /tmp/test + +We use -R option because the binary can't be executed under stock version of Qemu with address sanitizer instrumentations (Asan). + +Qemu memory map looks the following way where GUEST valid addresses are marked with ***** and invalid with @@@: + +***** 08048000-08049000 r-xp 00000000 08:01 28835889 /tmp/test +***** 08049000-0804a000 rw-p 00000000 08:01 28835889 /tmp/test +***** 1ffff000-24000000 rw-p 00000000 00:00 0 +***** 24000000-28000000 ---p 00000000 00:00 0 +***** 28000000-40000000 rw-p 00000000 00:00 0 +***** 40000000-40001000 ---p 00000000 00:00 0 +***** 40001000-40801000 rw-p 00000000 00:00 0 [stack] +***** 40801000-40821000 r-xp 00000000 08:01 26738694 /lib32/ld-2.19.so +***** 40821000-40822000 r--p 0001f000 08:01 26738694 /lib32/ld-2.19.so +***** 40822000-40823000 rw-p 00020000 08:01 26738694 /lib32/ld-2.19.so +***** 40823000-40827000 rw-p 00000000 00:00 0 +***** 40827000-408ca000 r-xp 00000000 08:01 49424994 /home/michail/build/lib32/libasan.so.1.0.0 +***** 408ca000-408cc000 rw-p 000a3000 08:01 49424994 /home/michail/build/lib32/libasan.so.1.0.0 +***** 408cc000-40d24000 rw-p 00000000 00:00 0 +***** 40d3c000-40ee2000 r-xp 00000000 08:01 26738695 /lib32/libc-2.19.so +***** 40ee2000-40ee4000 r--p 001a6000 08:01 26738695 /lib32/libc-2.19.so +***** 40ee4000-40ee5000 rw-p 001a8000 08:01 26738695 /lib32/libc-2.19.so +***** 40ee5000-40ee8000 rw-p 00000000 00:00 0 +***** 40ee8000-40f00000 r-xp 00000000 08:01 26738711 /lib32/libpthread-2.19.so +***** 40f00000-40f01000 r--p 00017000 08:01 26738711 /lib32/libpthread-2.19.so +***** 40f01000-40f02000 rw-p 00018000 08:01 26738711 /lib32/libpthread-2.19.so +***** 40f02000-40f04000 rw-p 00000000 00:00 0 +***** 40f04000-40f07000 r-xp 00000000 08:01 26738708 /lib32/libdl-2.19.so +***** 40f07000-40f08000 r--p 00002000 08:01 26738708 /lib32/libdl-2.19.so +***** 40f08000-40f09000 rw-p 00003000 08:01 26738708 /lib32/libdl-2.19.so +***** 40f09000-40fee000 r-xp 00000000 08:01 49424965 /home/michail/build/lib32/libstdc++.so.6.0.20 +***** 40fee000-40ff2000 r--p 000e5000 08:01 49424965 /home/michail/build/lib32/libstdc++.so.6.0.20 +***** 40ff2000-40ff3000 rw-p 000e9000 08:01 49424965 /home/michail/build/lib32/libstdc++.so.6.0.20 +***** 40ff3000-40ffa000 rw-p 00000000 00:00 0 +***** 40ffa000-4103e000 r-xp 00000000 08:01 26738698 /lib32/libm-2.19.so +***** 4103e000-4103f000 r--p 00043000 08:01 26738698 /lib32/libm-2.19.so +***** 4103f000-41040000 rw-p 00044000 08:01 26738698 /lib32/libm-2.19.so +***** 41040000-41041000 rw-p 00000000 00:00 0 +***** 41041000-4105b000 r-xp 00000000 08:01 49424637 /home/michail/build/lib32/libgcc_s.so.1 +***** 4105b000-4105c000 rw-p 00019000 08:01 49424637 /home/michail/build/lib32/libgcc_s.so.1 +***** 4105c000-4105e000 rw-p 00000000 00:00 0 +***** 4105f000-41061000 rw-p 00000000 00:00 0 +***** 41065000-421ed000 rw-p 00000000 00:00 0 +***** 421ee000-421f1000 rw-p 00000000 00:00 0 +***** 60000000-6033b000 r-xp 00000000 08:01 48760980 /home/michail/build/bin/qemu-i386-static +***** 6053b000-60546000 rw-p 0033b000 08:01 48760980 /home/michail/build/bin/qemu-i386-static +***** 60546000-6059a000 rw-p 00000000 00:00 0 +***** 6059a000-6259b000 rwxp 00000000 00:00 0 +***** 6259b000-625ae000 rw-p 00000000 00:00 0 +***** 62dce000-62e12000 rw-p 00000000 00:00 0 [heap] +@@@ 7f3f5e6a9000 - 7f3f61f28000 rw-p 00000000 00:00 0 +@@@ 7fffad130000 - 7fffad132000 r-xp 00000000 00:00 0 [vdso] +@@@ ffffffffff600000 - ffffffffff601000 r-xp 00000000 00:00 0 [vsyscall] + +qemu-i386-static and its heap are in ranges which are valid and be reported to guest in case of maps file reading. + +The issue is related to early reported bugs: +http://lists.nongnu.org/archive/html/qemu-devel/2014-07/msg02793.html +http://lists.nongnu.org/archive/html/qemu-devel/2014-07/msg03085.html \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1357206 b/results/classifier/deepseek-r1:32b/output/runtime/1357206 new file mode 100644 index 000000000..d9675457d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1357206 @@ -0,0 +1,62 @@ + + + +QEMU user mode still crashes in multi-thread code. + +I compiled the qemu 2.0 release source and find out qemu crashing when emulating multi-thread code in user mode. + +I did a little search and found LP:668799 but it is far from now and it is probably not the problem here. + +I used program below as the test program: + +#include <stdio.h> +#include <stdlib.h> +#include <pthread.h> + +void *print_message_function( void *ptr ); + +main() +{ + pthread_t thread1, thread2; + const char *message1 = "Thread 1"; + const char *message2 = "Thread 2"; + int iret1, iret2; + + /* Create independent threads each of which will execute function */ + + iret1 = pthread_create( &thread1, NULL, print_message_function, (void*) message1); + if(iret1) + { + fprintf(stderr,"Error - pthread_create() return code: %d\n",iret1); + exit(EXIT_FAILURE); + } + + iret2 = pthread_create( &thread2, NULL, print_message_function, (void*) message2); + if(iret2) + { + fprintf(stderr,"Error - pthread_create() return code: %d\n",iret2); + exit(EXIT_FAILURE); + } + + printf("pthread_create() for thread 1 returns: %d\n",iret1); + printf("pthread_create() for thread 2 returns: %d\n",iret2); + + /* Wait till threads are complete before main continues. Unless we */ + /* wait we run the risk of executing an exit which will terminate */ + /* the process and all threads before the threads have completed. */ + + pthread_join( thread1, NULL); + pthread_join( thread2, NULL); + + exit(EXIT_SUCCESS); +} + +void *print_message_function( void *ptr ) +{ + char *message; + message = (char *) ptr; + printf("%s \n", message); +} + +Compiled to i386 and aarch64 object, +and both qemu-i386 and qemu-aarch64 had segmentation faults. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1357226 b/results/classifier/deepseek-r1:32b/output/runtime/1357226 new file mode 100644 index 000000000..be6c99f12 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1357226 @@ -0,0 +1,14 @@ + + + +qemu: uncaught target signal 11 (Segmentation fault) - core dumped + +steps to reproduce: +pbuilder-dist utopic armhf create +pbuilder-dist utopic armhf login +apt-get install imagemagick +convert foo.xpm foo.png +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault + +(doesn't matter if images are actually there or not) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1361 b/results/classifier/deepseek-r1:32b/output/runtime/1361 new file mode 100644 index 000000000..05f83e078 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1361 @@ -0,0 +1,23 @@ + + + +ppc64le linux user emulation w/ 64KiB pages seems broken since v5.0.0 +Description of problem: +[Our (snmalloc's)](https://github.com/microsoft/snmalloc) CI includes running a PowerPC64 little-endian Linux build inside qemu, running with 64KiB pages as, at least, Debian runs them by default. As reported [over there](https://github.com/microsoft/snmalloc/issues/576), this broke when GitHub's CI runners moved from Ubuntu Focal (20.04) to Jammy (22.04), bringing qemu from v4.2 to v6.2. + +The failing test case appears to die of an erroneous `SIGSEGV` `SEGV_MAPERR`: +``` +--- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=0x0000004001be5000} --- +``` +despite that address nominally being mapped by the last memory syscall to touch that area +``` +openat(AT_FDCWD,"/usr/powerpc64le-linux-gnu/lib/libstdc++.so.6",O_RDONLY|O_CLOEXEC) = 4 +[...] +mmap(0x0000004001bd0000,131072,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,4,0x2f0000) = 0x4001bd0000 +``` + +Bisection reveals that the breakage first occurred with 4dcf078f094d436866ef793aa25c96fba85ac8d0, though I suspect this is merely the commit that exposes some underlying bug rather than being the actual root cause. +Steps to reproduce: +Run a ppc64el Linux executable under `qemu-user` with `-p 65536`. +Additional information: +Please advise what more would be useful. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1361912 b/results/classifier/deepseek-r1:32b/output/runtime/1361912 new file mode 100644 index 000000000..c5b00197c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1361912 @@ -0,0 +1,12 @@ + + + +qemu-mips64 Segmentation fault + +When I ran qemu-mips64 for any mips 64 executable , I got this error: + +$ ./qemu-mips64 ../lang +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault (core dumped) + +Is this a known issue? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1362635 b/results/classifier/deepseek-r1:32b/output/runtime/1362635 new file mode 100644 index 000000000..9536b6dee --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1362635 @@ -0,0 +1,45 @@ + + + +bdrv_read co-routine re-entered recursively + +calling bdrv_read in a loop leads to the follwing situation: + +bs->drv->bdrv_aio_readv is called, and finally calls bdrv_co_io_em_complete in other thread context. +there is a possibility of calling bdrv_co_io_em_complete before calling qemu_coroutine_yield in bdrv_co_io_em. And qemu fails with "co-routine re-entered recursively". + +static void bdrv_co_io_em_complete(void *opaque, int ret) +{ + CoroutineIOCompletion *co = opaque; + + co->ret = ret; + qemu_coroutine_enter(co->coroutine, NULL); +} + +static int coroutine_fn bdrv_co_io_em(BlockDriverState *bs, int64_t sector_num, + int nb_sectors, QEMUIOVector *iov, + bool is_write) +{ + CoroutineIOCompletion co = { + .coroutine = qemu_coroutine_self(), + }; + BlockDriverAIOCB *acb; + + if (is_write) { + acb = bs->drv->bdrv_aio_writev(bs, sector_num, iov, nb_sectors, + bdrv_co_io_em_complete, &co); + } else { + acb = bs->drv->bdrv_aio_readv(bs, sector_num, iov, nb_sectors, + bdrv_co_io_em_complete, &co); + } + + trace_bdrv_co_io_em(bs, sector_num, nb_sectors, is_write, acb); + if (!acb) { + return -EIO; + } + qemu_coroutine_yield(); + + return co.ret; +} + +is it a bug, or may be I don't understand something? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1368 b/results/classifier/deepseek-r1:32b/output/runtime/1368 new file mode 100644 index 000000000..a0d2c738c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1368 @@ -0,0 +1,41 @@ + + + +unexpect rax value +Description of problem: +- When I execute "mov -0x8(%rbp), %rax" and "movq 0xb8000, (%rax)", the value of rax should be 0x7fedf but it is 0x7fefe. It is 1 less. +Steps to reproduce: +- 1. Code currently executed +<pre> +(gdb) x/2i $pc +=> 0x2202 <vga_init+12>: mov -0x8(%rbp),%rax + 0x2206 <vga_init+16>: movq $0xb8000,(%rax) +</pre> +- 2. Value of memory address -0x8(%rbp) +<pre> +(gdb) x /xg $rbp-0x8 +0x7fec8: 0x000000000007fedf +</pre> +- 3. Value of rax before execution +<pre> +(gdb) p /x $rax +$1 = 0xfffffffd +</pre> +- 4. Value of rax after execution +<pre> +(gdb) p /x $rax +$1 = 0x7fedf +</pre> +It's all right so far. +- 5. View the current execution code again +<pre> +(gdb) x/i $pc +=> 0x2207 <vga_init+17>: movl $0xb8000,(%rax) +</pre> +the code address changed from 0x2206 to 0x2207 and the code changed from "movq xx, xx" to "movl xx, xx".<br> +Now rax is 0x7fedf. +- 6. After execution<br> +After executing "movl $0xb8000,(%rax)"<br> +The rax change to 0x7fede +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1388 b/results/classifier/deepseek-r1:32b/output/runtime/1388 new file mode 100644 index 000000000..ef331b079 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1388 @@ -0,0 +1,17 @@ + + + +QEMU 7.2.0 - Update file repository with x86/x64 Windows installer +Description of problem: +In file repository + +https://qemu.weilnetz.de/w32/ +https://qemu.weilnetz.de/w64/ + +are not availble Windows installer for x86 and x64 platform and QEMU final 7.2.0. + +The latest version is 7.2.0.RC4 (08.12.2022). + +Thanks. +Steps to reproduce: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1397 b/results/classifier/deepseek-r1:32b/output/runtime/1397 new file mode 100644 index 000000000..5267b8404 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1397 @@ -0,0 +1,4 @@ + + + +riscv: break, hbreak does not set a breakpoint on the correct address when providing symbols diff --git a/results/classifier/deepseek-r1:32b/output/runtime/140 b/results/classifier/deepseek-r1:32b/output/runtime/140 new file mode 100644 index 000000000..dfa0ce56f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/140 @@ -0,0 +1,4 @@ + + + +linux-user clone() can't handle glibc posix_spawn() (causes locale-gen to assert) diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1412 b/results/classifier/deepseek-r1:32b/output/runtime/1412 new file mode 100644 index 000000000..9c9539b49 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1412 @@ -0,0 +1,8 @@ + + + +QEMU segfault (null pointer dereference) in sve_probe_page from ldff1* instructions +Description of problem: +After upgrading to QEMU v7.2.0 from v7.1.0, when executing any SVE ldff1* instructions with a faulting address, QEMU crashes due to a null pointer dereference at target/arm/sve_helper.c:5364 + +I believe this was introduced in b8967ddf393aaf35fdbc07b4cb538a40f8b6fe37 (@rth7680), since in that commit `full` is dereferenced before the `flags & TLB_INVALID_MASK` check at line 5369, and full is set to null by `probe_access_full` when `TLB_INVALID_MASK` is given. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1429313 b/results/classifier/deepseek-r1:32b/output/runtime/1429313 new file mode 100644 index 000000000..8313542ac --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1429313 @@ -0,0 +1,12 @@ + + + +qemu-user doesn't block target signals on entry to signal hanlder. + +Upon entry to a target signal handler the function process_pending_signals in linux-user/signal.c block the appropriate host signals, but signals already received and queued by Qemu are not blocked. If multiple signals arrive in quick succession this results incorrect recursion in the target signal handler. + +The attached test case my be run as: + +$ (sleep 2 ; echo) | qemu-i386 ./a.out +.................. Recursion in signal handler! +qemu: uncaught target signal 6 (Aborted) - core dumped \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1435 b/results/classifier/deepseek-r1:32b/output/runtime/1435 new file mode 100644 index 000000000..b7aa2928e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1435 @@ -0,0 +1,19 @@ + + + +Infinite recursion in tcg_gen_mulu2_i32 for certain 32-bit hosts. +Description of problem: +`tcg_gen_mulu2_i32` infinitely recurses on a 32-bit host (TCG target) that has neither `TCG_TARGET_HAS_mulu2_i32` nor `TCG_TARGET_HAS_muluh_i32`. + +I don't actually think there is any host that is 32-bits and has neither mulu2 nor muluh. The only reference I found is [this](https://gitlab.com/qemu-project/qemu/-/commit/df9ebea53ebc1c98217743f56c30ae3a46031bb9) commit, which adds an `#error` if that situation is hit. But the check, which [still exists](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/include/tcg/tcg.h#L174), checks if those flags are *defined*, not for their value. I guess, over the years as the code was refactored, the check wasn't updated because, frankly, there aren't any hosts that match that situation (except mine). + +One easy fix is to change the check mentioned above to check the actual macro value so that compilation fails. I can create a PR for that. +Steps to reproduce: +(Note: I'm linking to the v7.2.0 tag so that these links stay relevant). + +1. `tcg_gen_mulu2_i32` [calls](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L890) `tcg_gen_mul_i64`. +2. `tcg_gen_mul_i64` on 32-bit hosts, due to [this](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L1097) check for `TCG_TARGET_REG_BITS == 32`, is defined [here](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L1218), and [calls](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/tcg/tcg-op.c#L1226) `tcg_gen_mulu2_i32`. +3. Rinse and repeat. +4. Eventually, as gen_mulu2/mul functions spill while trying to allocate temps, they will overflow the TB buffer. This will restart code generation with smaller and smaller block sizes, until the block size reaches 1 instruction. TCG will then give up and [assert](https://gitlab.com/qemu-project/qemu/-/blob/v7.2.0/accel/tcg/translate-all.c#L869). +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1478 b/results/classifier/deepseek-r1:32b/output/runtime/1478 new file mode 100644 index 000000000..bdd8513e1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1478 @@ -0,0 +1,69 @@ + + + +Qemu 7.2.0 i386: core2: init crash (glibc) +Description of problem: +The toolchain-builder project (a side project of Buildroot to build pre-built toolchains) reported an issue with Qemu 7.2.0 for x86-core2--glibc--bleeding-edge toolchain, see: + +https://gitlab.com/buildroot.org/toolchains-builder/-/jobs/3731683337 + +Reverting back to Qemu 7.1.0, the system boot correctly with the same system image. +I reproduced the issue with the current Qemu master (6b433719eabf0abc74cff0cfd5687f0137c4198a) + +Here is the boot log obtained with Qemu 7.2.0: + ``` +Run /sbin/init as init process +random: fast init done +EXT4-fs (vda): warning: mounting unchecked fs, running e2fsck is recommended +EXT4-fs (vda): re-mounted. Opts: (null). Quota mode: disabled. +Starting syslogd: OK +traps: syslogd[52] general protection fault ip:b7e21465 sp:bfe59e6c error:0 in libc.so.6[b7d9b000+123000] +Starting klogd: OK +traps: klogd[56] general protection fault ip:b7e94465 sp:bf8f069c error:0 in libc.so.6[b7e0e000+123000] +Running sysctl: traps: logger[62] general protection fault ip:b7e48b6c sp:bfd7d194 error:0 in libc.so.6[b7e05000+123000] +Segmentation fault +traps: logger[64] general protection fault ip:b7dd3b6c sp:bf9b8604 error:0 in libc.so.6[b7d90000+123000] +Segmentation fault + +traps: init[100] general protection fault ip:b7dda465 sp:bfd5f42c error:0 in libc.so.6[b7d54000+123000] +Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b +CPU: 0 PID: 1 Comm: init Not tainted 5.15.18 #1 +Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.1-0-g3208b098f51a-prebuilt.qemu.org 04/01/2014 +Call Trace: + dump_stack_lvl+0x32/0x41 + dump_stack+0xd/0x10 + panic+0x90/0x206 + do_exit.cold+0xa9/0xa9 + do_group_exit+0x2a/0x90 + get_signal+0x115/0x7e0 + arch_do_signal_or_restart+0x90/0x5a0 + ? put_pid+0xc/0x20 + ? kernel_clone+0x10b/0x3d0 + exit_to_user_mode_prepare+0xf8/0x1c0 + syscall_exit_to_user_mode+0x1b/0x40 + do_int80_syscall_32+0x41/0x90 + entry_INT80_32+0xf0/0xf0 +EIP: 0xb7de5d88 +Code: 37 01 00 00 65 ff 15 10 00 00 00 89 d0 5a 5b 5e 5f 5d c3 66 90 66 90 66 90 66 90 66 90 66 90 66 90 90 59 b8 be 00 00 00 cd 80 <51> 3d 01 f0 ff ff 0f 83 06 e9 f6 ff c3 e8 81 a0 06 00 05 9a a0 0e +EAX: 00000064 EBX: 0059aa1c ECX: 00561f5b EDX: 00000008 +ESI: 0059cc20 EDI: bfd5fa64 EBP: 0059b138 ESP: bfd5fa20 +DS: 007b ES: 007b FS: 0000 GS: 0033 SS: 007b EFLAGS: 00000246 +Kernel Offset: disabled +---[ end Kernel panic - not syncing: Attempted to kill init! exitcode=0x0000000b ]--- + ``` +I did a git bisect on qemu sources up to this commit: + +https://gitlab.com/qemu-project/qemu/-/commit/958e1dd1300f37f18b2161dfb4eb806fc8c19b44 +Steps to reproduce: +Build the Buildroot qemu_x86_defconfig with BR2_x86_core2 target architecture variant added manually +1. git clone https://gitlab.com/buildroot.org/buildroot.git +2. git switch --detach c419ef62d84b5be65599452ab84f7ed719bbe470 +3. make qemu_x86_defconfig +4. make menuconfig (enable BR2_x86_core2) +5. make +6. ./output/images/start-qemu.sh +Additional information: +System built with gcc options: + ``` +i686-buildroot-linux-gnu-gcc.br_real' '--sysroot' 'output/host/i686-buildroot-linux-gnu/sysroot' '-fstack-protector-strong' '-fPIE' '-pie' '-Wl,-z,now' '-Wl,-z,relro' + ``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1495 b/results/classifier/deepseek-r1:32b/output/runtime/1495 new file mode 100644 index 000000000..705279de4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1495 @@ -0,0 +1,9 @@ + + + +MacOS fails check-unit for test-io-channel-command for some reason +Description of problem: +While adding the socat dependency to the CI system it triggers a failure on the ARM MacOS build, eg: https://gitlab.com/stsquad/qemu/-/jobs/3769189709 +Steps to reproduce: +1. install socat +2. make check-unit diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1519037 b/results/classifier/deepseek-r1:32b/output/runtime/1519037 new file mode 100644 index 000000000..73971ba44 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1519037 @@ -0,0 +1,10 @@ + + + +qemu-i386 32-bit segfault + +I'm getting segfaults on 32-bit linux trying to run binaries using qemu-i386 from git. These segfaults go away when run in gdb or strace - could it be about the environment somehow? + +In contrast qemu-x86_64 works fine. How can I pinpoint the cause of this? + +Thanks! \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1527765 b/results/classifier/deepseek-r1:32b/output/runtime/1527765 new file mode 100644 index 000000000..4fce454c8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1527765 @@ -0,0 +1,75 @@ + + + +sh4: ghc randomly segfaults on qemu-sh4-static + +Hello! + +I am currently in the process of bootstrapping ghc for the Debian sh4 port and ran into a strange problem with qemu-sh4-static which randomly segfaults when running ghc to compile a Haskell source: + +root@jessie32:~/ghc-7.8.4/utils/ghc-pwd# ls +Main.hi Main.hs Setup.hs ghc-pwd.cabal ghc.mk +root@jessie32:~/ghc-7.8.4/utils/ghc-pwd# ghc Main.hs +/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault +root@jessie32:~/ghc-7.8.4/utils/ghc-pwd# ghc Main.hs +/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault +root@jessie32:~/ghc-7.8.4/utils/ghc-pwd# ghc Main.hs +/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault +root@jessie32:~/ghc-7.8.4/utils/ghc-pwd# ghc Main.hs +/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault +root@jessie32:~/ghc-7.8.4/utils/ghc-pwd# ghc Main.hs +/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) +[1 of 1] Compiling Main ( Main.hs, Main.o ) +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault +root@jessie32:~/ghc-7.8.4/utils/ghc-pwd# ghc Main.hs +/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) +[1 of 1] Compiling Main ( Main.hs, Main.o ) +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault +root@jessie32:~/ghc-7.8.4/utils/ghc-pwd# ghc Main.hs +/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) +[1 of 1] Compiling Main ( Main.hs, Main.o ) +Bad interface file: /usr/local/lib/sh4-unknown-linux-gnu-ghc-7.10.3/time/dist-install/build/Data/Time/Format/Parse.hi + ghc: panic! (the 'impossible' happened) + (GHC version 7.10.3 for sh4-unknown-linux): + getSymtabName:unknown known-key unique +<<details unavailable>> + +Please report this as a GHC bug: http://www.haskell.org/ghc/reportabug + +root@jessie32:~/ghc-7.8.4/utils/ghc-pwd# ghc Main.hs +/bin/bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) +[1 of 1] Compiling Main ( Main.hs, Main.o ) +Linking Main ... +root@jessie32:~/ghc-7.8.4/utils/ghc-pwd# + +As seen above, compiling a Haskell source code often results in a segfault but simply by retrying to run ghc over and over again, the compile process will eventually succeed and no segfault occurs. + +I have created a tarball which contains the sh4 chroot from the example above which also includes ghc, gcc and the source code in question (in /root/ghc-7.8.4/utils/ghc-pwd). To test, it's probably a good idea to replace the qemu-sh4-static binary in /usr/bin with a current git snapshot (which I tried but didn't help). + +> http://users.physik.fu-berlin.de/~glaubitz/sid-sh4-sbuild-ghc.tgz + +In case anyone wants to try ghc with their own sh4 chroot, here's my version of ghc: + +> https://people.debian.org/~glaubitz/sh4-unknown-linux-gnu-ghc-7.10.3.tar.gz + +Just extract in the chroot of the sh4 chroot. + +Please note, that it might be advisable on sh4 to apply the patches from these two bug reports as otherwise qemu-sh4-static won't work properly on sh4 and misses syscall 186: + +> https://bugs.launchpad.net/ubuntu/+source/qemu-linaro/+bug/1254824 +> https://bugs.launchpad.net/qemu/+bug/1516408 + +The above issue is reproducible with the two patches applied and without. It's also reproducible with both libc6 2.19 and 2.21 in the chroot. Thus, I am currently out of ideas what else to test. + +Cheers, +Adrian \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1528 b/results/classifier/deepseek-r1:32b/output/runtime/1528 new file mode 100644 index 000000000..83543fca8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1528 @@ -0,0 +1,12 @@ + + + +ppc64le: qemu-arm: basic hello world fails with "user-exec.c:492: page_set_flags: Assertion `start < end' failed." +Description of problem: +Trying to utilize a RH8 enterprise POWER9 based server to build OpenBMC which utilizes qemu under the covers to validate cross compiles. After some debug, I found that a basic hello-world cross compiled application does not work on POWER9 hardware. +Steps to reproduce: +1. Create basic hello world .c file, cross compile it for arm (arm-linux-gnueabi-gcc hello.c -o hello) +2. Build latest qemu-arm from master +3. Run qemu-arm against hello world binary +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1528239 b/results/classifier/deepseek-r1:32b/output/runtime/1528239 new file mode 100644 index 000000000..77560ec11 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1528239 @@ -0,0 +1,48 @@ + + + +Unable to debug PIE binaries with QEMU gdb stub. + +The issue occurs on current trunk: + +max@max:~/build/qemu$ cat test.c +#include <stdio.h> + +int main() { + printf("Hello, world!\n"); + return 0; +} + +max@max:~/build/qemu$ gcc test.c -fPIC -pie -o bad.x +max@max:~/build/qemu$ ./x86_64-linux-user/qemu-x86_64 -g 1234 bad.x +............................. + + +max@max:~/build/qemu$ gdb +GNU gdb (Ubuntu 7.7.1-0ubuntu5~14.04.2) 7.7.1 +........................................................................................ +(gdb) file bad.x +Reading symbols from bad.x...(no debugging symbols found)...done. +(gdb) b main +Breakpoint 1 at 0x779 +(gdb) target remote localhost:1234 +Remote debugging using localhost:1234 +Reading symbols from /lib64/ld-linux-x86-64.so.2...warning: the debug information found in "/lib64/ld-2.19.so" does not match "/lib64/ld-linux-x86-64.so.2" (CRC mismatch). + +Reading symbols from /usr/lib/debug//lib/x86_64-linux-gnu/ld-2.19.so...done. +done. +Loaded symbols for /lib64/ld-linux-x86-64.so.2 +Error in re-setting breakpoint 1: Cannot access memory at address 0x775 +Error in re-setting breakpoint 1: Cannot access memory at address 0x775 +0x0000004000a042d0 in _start () from /lib64/ld-linux-x86-64.so.2 +(gdb) c +Continuing. +[Inferior 1 (Remote target) exited normally] +(gdb) + + +max@max:~/build/qemu$ cat config.log +# Configured with: '/home/max/src/qemu/configure' '--prefix=/home/max/install/qemu' '--target-list=arm-linux-user,aarch64-linux-user,x86_64-linux-user' '--static' + + +W/O QEMU or -pie flag breakpoint on main works fine. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1531 b/results/classifier/deepseek-r1:32b/output/runtime/1531 new file mode 100644 index 000000000..e6a3bf1f6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1531 @@ -0,0 +1,18 @@ + + + +MIPSr6+MSA emulation is broken in QEMU 6.2.0 (Ubuntu 22.04 LTS) and 7.0.0 +Description of problem: +Many tests (8,11,12,13,15,19,23,30,31,36) are failing due to QEMU emulation problem. +Steps to reproduce: +1. Download the source code from https://github.com/VectorChief/UniSIMD-assembler (master or v1.1.0c) +2. Change to project's test directory and build the binary for MIPS using cross-compiler (see simd_make_m64.mk) +3. Run the binary with QEMU linux-user mode: qemu-mips64el -cpu I6400 simd_test.m64f32Lr6 -c 1 | tee qemu64 +4. Check the output text file qemu64 (with pluma or any other text editor) to see the error printouts +Additional information: +The pre-built binary and its output file are attached as test.tar.gz +[test.tar.gz](/uploads/7a54ba10919a1b221dd8ea0e8c02c064/test.tar.gz) + +Please note, that standalone cross-compiler for MIPS downloaded from the site +(Codescape.GNU.Tools.Package.2020.06-01.for.MIPS.MTI.Linux.CentOS-6.x86_64.tar.gz) +comes with its own version of QEMU 4.1.0 which masks the system's QEMU when added to the PATH. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1533141 b/results/classifier/deepseek-r1:32b/output/runtime/1533141 new file mode 100644 index 000000000..2abc9d087 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1533141 @@ -0,0 +1,18 @@ + + + +qemu/disas/libvixl/vixl/invalset.h: 2 * sanity check after use ? + +1. + +[qemu/disas/libvixl/vixl/invalset.h:442]: (style) Array index 'low' is used before limits check. + + while (!IsValid(elements[low]) && (low < high)) ++low; + +2. + +[qemu/disas/libvixl/vixl/invalset.h:450]: (style) Array index 'middle' is used before limits check. + + while (!IsValid(elements[middle]) && (middle < high - 1)) ++middle; + +Also, binary search is a standard C library routine. Suggest use. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1541 b/results/classifier/deepseek-r1:32b/output/runtime/1541 new file mode 100644 index 000000000..a677253a1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1541 @@ -0,0 +1,35 @@ + + + +Invalid position of G_NORETURN in clang v15 +Description of problem: +Order of `G_NORETURN` used in https://gitlab.com/qemu-project/qemu/-/blob/0f3de970febd2c9b29dccecb63ca928c6802a101/include/qemu/osdep.h#L240-242 is not valid in clang++ 15.0.7. + +Switching `extern` with `G_NORETURN` seems to fix the issue. +Steps to reproduce: +1. Build qemu system for MIPSEL or use minimal reproducer: + +`example.cpp`: +``` +#include "/path/to/qemu/include/glib-compat.h" + +extern G_NORETURN +void // QEMU_ERROR("code path is reachable") + qemu_build_not_reached_always(void); +``` + +``` +$ clang++ --version +clang version 15.0.7 +Target: x86_64-pc-linux-gnu +Thread model: posix +InstalledDir: /usr/bin +$ clang++ -m64 -mcx16 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -fcolor-diagnostics -Wall -Winvalid-pch -std=gnu++11 -O0 -g example.cpp +example.cpp:3:8: error: an attribute list cannot appear here +extern G_NORETURN + ^~~~~~~~~~ +/usr/include/glib-2.0/glib/gmacros.h:1075:21: note: expanded from macro 'G_NORETURN' +# define G_NORETURN [[noreturn]] + ^~~~~~~~~~~~ +1 error generated. +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1550503 b/results/classifier/deepseek-r1:32b/output/runtime/1550503 new file mode 100644 index 000000000..2471785eb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1550503 @@ -0,0 +1,16 @@ + + + +target-arm/helper.c:5493: bad test ? + +[qemu/target-arm/helper.c:5493]: (style) Expression '(X & 0x1f) != 0xf80f0000' is always true. + +Source code is + + (env->uncached_cpsr & CPSR_M) != CPSR_USER && + +but + +./qemu/target-arm/cpu.h:#define CPSR_M (0x1fU) + +./qemu/target-arm/cpu.h:#define CPSR_USER (CPSR_NZCV | CPSR_Q | CPSR_GE) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1568107 b/results/classifier/deepseek-r1:32b/output/runtime/1568107 new file mode 100644 index 000000000..7518d6f0e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1568107 @@ -0,0 +1,12 @@ + + + +x86_64 linux-user: setup_rt_frame: not implemented + +Trying to run this binary (https://github.com/ethcore/parity/releases/download/v1.0.1/parity_linux_1.0.1-0_amd64.deb) under qemu-x86_64 on ARM, ends like this: + +$ qemu-x86_64 parity --pruning fast + +setup_rt_frame: not implemented +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1591611 b/results/classifier/deepseek-r1:32b/output/runtime/1591611 new file mode 100644 index 000000000..6d7918b88 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1591611 @@ -0,0 +1,26 @@ + + + +chroot using qemu-x86_64-static fails on ppc64el + +When attempting to use qemu-x86_64-static from qemu 2.5.0 on a ppc64el host to chroot into an amd64 environment, all commands fail with an assertion error. /usr/bin/qemu-x86_64-static from the host was copied into the chroot /usr/bin, and the host has multiformat support in the kernel. + +Sample output illustrating the problem, as well as bash builtins working: + +# chroot /virtualbox/scratchdisks_local_001/amd64_chroot qemu-x86_64-static /bin/bash +# ls +bash: ../sysdeps/nptl/fork.c:136: __libc_fork: Assertion `({ __typeof (self->tid) __value; if (sizeof (__value) == 1) asm volatile ("movb %%fs:%P2,%b0" : "=q" (__value) : "0" (0), "i" (__builtin_offsetof (struct pthread, tid))); else if (sizeof (__value) == 4) asm volatile ("movl %%fs:%P1,%0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, tid))); else { if (sizeof (__value) != 8) abort (); asm volatile ("movq %%fs:%P1,%q0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, tid))); } __value; }) != ppid' failed. +setup_frame: not implemented +setup_frame: not implemented +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault +setup_frame: not implemented +setup_frame: not implemented +# echo TEST +TEST +# cat test +bash: ../sysdeps/nptl/fork.c:136: __libc_fork: Assertion `({ __typeof (self->tid) __value; if (sizeof (__value) == 1) asm volatile ("movb %%fs:%P2,%b0" : "=q" (__value) : "0" (0), "i" (__builtin_offsetof (struct pthread, tid))); else if (sizeof (__value) == 4) asm volatile ("movl %%fs:%P1,%0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, tid))); else { if (sizeof (__value) != 8) abort (); asm volatile ("movq %%fs:%P1,%q0" : "=r" (__value) : "i" (__builtin_offsetof (struct pthread, tid))); } __value; }) != ppid' failed. +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault + +It is currently unknown if other host architectures (e.g. aarch64) are also affected. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1593 b/results/classifier/deepseek-r1:32b/output/runtime/1593 new file mode 100644 index 000000000..6ad5a6aed --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1593 @@ -0,0 +1,10 @@ + + + +SLIRP hostfwd ignores bind address and uses `INADDR_ANY` +Description of problem: +When using `-netdev hostfwd=`..., qemu SLIRP uses `INADDR_ANY` instead of any bind address provided by the user. As a result, even if the user specifies to listen only on localhost (e.g. `-netdev user,hostfwd=tcp:127.0.0.1:22-:22`), qemu will listen on `*.*`. This is a potential security issue (as it may unexpectedly expose the guest to internet or local network traffic). +Additional information: +The bug is here: https://gitlab.com/qemu-project/qemu/-/blob/master/net/slirp.c#L777 + +Rather than hardcoding `INADDR_ANY`, qemu should respect the user-defined bind address. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1603734 b/results/classifier/deepseek-r1:32b/output/runtime/1603734 new file mode 100644 index 000000000..e542bd20d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1603734 @@ -0,0 +1,10 @@ + + + +Hang in fsqrt + +At least qemu-i368 and qemu-x86_64 hang in floatx80_sqrt in versions 2.6.0 and git (2.6.50) for some input values, likely due to an infinite loop at fpu/softfloat.c:6569. + +Steps to reproduce: +1) Compile attached code: gcc -o test test.c -lm +2) `qemu-i368 test` and `qemu-x86_64 test` will hang at 100% cpu \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1614348 b/results/classifier/deepseek-r1:32b/output/runtime/1614348 new file mode 100644 index 000000000..c9442ce00 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1614348 @@ -0,0 +1,42 @@ + + + +qemu-arm core dumped for no entry symbol programe + +Hi qemu developers, + +Environment: +* Fedora 24 x86_64 +* qemu-arm version 2.6.92, Copyright (c) 2003-2008 Fabrice Bellard +* arm-linux-gnu-gcc 6.1.1 20160621 (Red Hat Cross 6.1.1-2) (GCC) target: arm-linux-gnueabi +* glibc-arm-linux-gnu-devel-2.23 + +very simple hello.c: + +#include <stdio.h> + +int main(int argc, char *argv[]) +{ + printf("Hello World\n"); + + return 0; +} + +arm-linux-gnu-gcc hello.c -I/usr/arm-linux-gnu/include -L/usr/arm-linux-gnu/lib -nostdlib -lc + +/usr/bin/arm-linux-gnu-ld: Warning: Cannot find entry symbol _start; defaulting to 00000000000101fc + +qemu-arm -L /usr/arm-linux-gnu ./a.out + +Hello World +qemu: uncaught target signal 4 (Illegal instruction) - core dumped +Illegal instruction + +But provided entry symbol: + +arm-linux-gnu-gcc hello.c -I/usr/arm-linux-gnu/include -L/usr/arm-linux-gnu/lib -nostdlib /usr/arm-linux-gnu/lib/crt1.o /usr/arm-linux-gnu/lib/crti.o /usr/arm-linux-gnu/lib/crtn.o -lc + +qemu-arm -L /usr/arm-linux-gnu ./a.out is able to work happily! + +Regards, +Leslie Zhai \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1623020 b/results/classifier/deepseek-r1:32b/output/runtime/1623020 new file mode 100644 index 000000000..f33d7ee9d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1623020 @@ -0,0 +1,58 @@ + + + +emulate amd64 binary on arm7 host + +I'm trying to run a Go program compiled for amd64 on a Raspberry Pi. Here is an example : + +=== +// main.go +package main + +func main() { + println("hello world") +} +=== + +Then here is the output I'm getting : + +=== +> GOARCH=amd64 go build main.go +> ../qemu/build/x86_64-linux-user/qemu-x86_64 -strace ./main +29213 arch_prctl(4098,4823880,0,0,0,0) = 0 +29213 write(2,0,4622922)fatal error: = 13 +29213 write(2,0,4622132)bad timediv = 11 +29213 write(2,0,4620094) + = 1 +29213 write(2,0,4635135)runtime: panic before malloc heap initialized + = 46 +29213 select(0,0,0,0,1082131776,0) = -1 errno=14 (Bad address) +29213 select(0,0,0,0,1082131776,0) = -1 errno=14 (Bad address) +29213 write(2,0,4623731) +runtime stack: + = 16 +29213 write(2,0,4622922)fatal error: = 13 +29213 write(2,0,4634607)gentraceback before goexitPC initialization = 43 +29213 write(2,0,4620094) + = 1 +29213 write(2,0,4635135)runtime: panic before malloc heap initialized + = 46 +29213 write(2,0,4624923)panic during panic + = 19 +29213 write(2,0,4623731) +runtime stack: + = 16 +29213 write(2,0,4622922)fatal error: = 13 +29213 write(2,0,4634607)gentraceback before goexitPC initialization = 43 +29213 write(2,0,4620094) + = 1 +29213 write(2,0,4635135)runtime: panic before malloc heap initialized + = 46 +29213 write(2,0,4627441)stack trace unavailable + = 24 +29213 exit_group(4) +=== + +I'm running the latest qemu (commit 7263da78045dc91cc207f350911efe4259e99b3c), which was compiled with "../configure --target-list=x86_64-linux-user --static". + +The go version is 1.7.1, and the system "Linux raspberrypi 4.4.11-v7+ #888 SMP Mon May 23 20:10:33 BST 2016 armv7l GNU/Linux". \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1641861 b/results/classifier/deepseek-r1:32b/output/runtime/1641861 new file mode 100644 index 000000000..b1e75a03d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1641861 @@ -0,0 +1,39 @@ + + + +ARM QEMU doesn't enforce that RES0 bits in FPSCR are non-writeable + +Hi all, we systematically tested the QEMU implementation for emulating arm user mode programs. We found that QEMU incorrectly emulate the FPSCR register. The following the proof of code: + +/*********** Beginning of the bug: arm.c **********/ + +int printf(const char *format, ...); +unsigned char i0[0x10]; +unsigned char o[0x10]; +int main() { + int k = 0; + asm("mov r2, %0\n" + "ldr r0, [r2]\n"::"r"((char *)(i0)));; + asm("vmsr fpscr, r0"); + asm("mov r2, %0\n" + "vmrs r4, fpscr\n" + "str r4, [r2]\n"::"r"((char *)(o)));; + for (k = 0; k < 0x10; k++) + printf("%02x", o[0x10 - 1 - k]); + printf("\n"); +} +unsigned char i0[0x10] = {0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00, 0x28, 0x1c, 0xc7, 0x01, 0x00, 0x00, 0x00, 0x00}; + +/*********** End fo the bug **********/ + +When the program is compiled into arm binary code and running on a real arm machine, and running in qemu, we have the following result + +$ arm-linux-gnueabihf-gcc arm.c -o arm -static +$ ./arm +000000000000000000000000fff7009f +$ qemu-arm arm +000000000000000000000000ffffffff + +According to the ARM manual, bits[19, 14:13, 6:5] of FPSCR should be reserved as zero. However, arm qemu fails to keep these bits to be zero: these bits can be actually modified in QEMU. + +Thanks! \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1648 b/results/classifier/deepseek-r1:32b/output/runtime/1648 new file mode 100644 index 000000000..e69c40386 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1648 @@ -0,0 +1,61 @@ + + + +linux-user: incorrect alignment of sigframe::pretcode & rt_sigframe::pretcode cause crash +Description of problem: +Corrent Print Result: + +sp: cdd3b4e8 + +SUCCEEDED! + +qemu-x86_64 Print Result: + +sp: 2804170 + +qemu: uncaught target signal 11 (Segmentation fault) - core dumped + +Segmentation fault + +Reason of Bug: + +sigframe::pretcode & rt_sigframe::pretcode must align of 16n-sizeof(void*) instead of 16n, Because rsp align of 16n before instruction "call" in caller, After "call", push address of "call" in caller. sp of begin in callee is 16n-sizeof(void*) + +For example on x86_64: + +reference to "qemu/linux-user/i386/signal.c" + +``` +# define TARGET_FPSTATE_FXSAVE_OFFSET 0 + +struct rt_sigframe { + abi_ulong pretcode; + struct target_ucontext uc; + struct target_siginfo info; + struct target_fpstate fpstate QEMU_ALIGNED(16); +}; +#define TARGET_RT_SIGFRAME_FXSAVE_OFFSET ( \ + offsetof(struct rt_sigframe, fpstate) + TARGET_FPSTATE_FXSAVE_OFFSET) +``` + +offsetof(struct rt_sigframe, fpstate) align of 16 + +TARGET_FPSTATE_FXSAVE_OFFSET is 0 + +TARGET_RT_SIGFRAME_FXSAVE_OFFSET is 16n, also alignment of fxsave is 64 + +so address of rt_sigframe::pretcode is 16n instead of 16n - sizeof(void*), It is incorect! + +Fix the bug: + +``` +struct rt_sigframe { + abi_ulong pretcode; + struct target_ucontext uc; + struct target_siginfo info; + abi_ulong unused QEMU_ALIGNED(16); + struct target_fpstate fpstate; +}; +``` + +offsetof(struct rt_sigframe, fpstate) is 16n+8, so address of rt_sigframe::pretcode is 16n-8 on x86_64. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1650 b/results/classifier/deepseek-r1:32b/output/runtime/1650 new file mode 100644 index 000000000..a762d263f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1650 @@ -0,0 +1,17 @@ + + + +Consider doing runtime detection of MAP_FIXED_NOREPLACE +Description of problem: +``` +qemu-i386-static: Unable to reserve 0xfffff000 bytes of virtual address space at 0x1000 (Operation not supported) for use as guest address space (check your virtual memory ulimit setting, min_mmap_addr or reserve less using -R option) +``` +strace says +``` + mmap(0x1000, 4294963200, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE|MAP_FIXED_NOREPLACE, -1, 0) = -1 EOPNOTSUPP (Operation not supported) +``` +Steps to reproduce: +1. `apt install qemu-i386-static 32subsystem` +2. `strace qemu-i386-static /opt/32/bin/as` +Additional information: +Repeating the strace call in a minimal C program gives the same errno as expected -- the kernel is only 4.4. The problem here is that qemu only does `MAP_FIXED_NOREPLACE` feature detection at build-time via a `#ifndef` and even that behavior is poorly documented. Maybe do something at runtime? diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1654137 b/results/classifier/deepseek-r1:32b/output/runtime/1654137 new file mode 100644 index 000000000..d5672caa3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1654137 @@ -0,0 +1,10 @@ + + + +Ctrl-A b not working in 2.8.0 + +With a recent update from 2.7.0 to 2.8.0 I have discovered that I can no longer send a "break" to the VM. Ctrl-A b is simply ignored. Other Ctrl-A sequences seem to work correctly. + +This is on a NetBSD amd64 system, version 7.99.53, and qemu was installed on this system from source. + +Reverting to the previous install restores "break" capability. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1659901 b/results/classifier/deepseek-r1:32b/output/runtime/1659901 new file mode 100644 index 000000000..00e73f655 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1659901 @@ -0,0 +1,12 @@ + + + +Regression: SIGSEGV running Java + +I have a build script that bootstraps a Debian armhf image. Part of the process involves running a Java program while inside a chroot. I am using Debian's qemu-user-static package to run the armhf Java binary on an amd64 system. + +qemu-user-static version 1:2.7+dfsg-3~bpo8+2 works fine. Version 1:2.8+dfsg-1~bpo8+1 always causes Java to crash with a SIGSEGV. The location of the crash appears to be random and hasn't been the same twice. + +I am using the Azul Systems Zulu Embedded Java runtime, rather than the regular OpenJDK runtime, because the Zulu runtime has an arm32 JIT whereas OpenJDK is interpreter-only on arm32. + +I can reproduce the problem easily by mounting the image created by my build script and executing "java -XshowSettings -version" in a chroot. I can give you the image if that would help debug the problem. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1661815 b/results/classifier/deepseek-r1:32b/output/runtime/1661815 new file mode 100644 index 000000000..9f7701f6e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1661815 @@ -0,0 +1,29 @@ + + + +Stack address is returned from function translate_one + +The vulnerable version is qemu-2.8.0, and the vulnerable function is in "target-s390x/translate.c". + +The code snippet is as following. + +static ExitStatus translate_one(CPUS390XState *env, DisasContext *s) +{ + const DisasInsn *insn; + ExitStatus ret = NO_EXIT; + DisasFields f; + ... + s->fields = &f; + ... + s->pc = s->next_pc; + return ret; +} + +A stack address, i.e. the address of local variable "f" is returned from current function through the output parameter "s->fields" as a side effect. + +This issue is one kind of undefined behaviors, according the C Standard, 6.2.4 [ISO/IEC 9899:2011] (https://www.securecoding.cert.org/confluence/display/c/DCL30-C.+Declare+objects+with+appropriate+storage+durations) + +This dangerous defect may lead to an exploitable vulnerability. +We suggest sanitizing "s->fields" as null before return. + +Note that this issue is reported by shqking and Zhenwei Zou together. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1667401 b/results/classifier/deepseek-r1:32b/output/runtime/1667401 new file mode 100644 index 000000000..29692971e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1667401 @@ -0,0 +1,70 @@ + + + +qemu-ppc segfaults(SIGSEGV) on pthread_create + +qemu-ppc running on x86-64 hardware leads to a segfault when running the +attached program (test.c). It simply creates a pthread, joins it and exits. + +It was compiled as follows on a Debian testing system: +> powerpc-linux-gnuspe-gcc-6 -static -Wall -g -o test -pthread test.c + +Sample execution (expected output is "Hello - World!"): +> qemu-ppc -cpu e500 ./test +[...output...] +Hello - qemu-ppc: /build/qemu-_M2UL5/qemu-2.8+dfsg/translate-all.c:175: tb_lock: Assertion `!have_tb_lock' failed. +qemu-ppc: /build/qemu-_M2UL5/qemu-2.8+dfsg/translate-all.c:175: tb_lock: Assertion `!have_tb_lock' failed. +[1] 25747 segmentation fault qemu-ppc -cpu e500 test +[...end output...] + +The same behavior is observed when running on a PPC 604: + +> powerpc-linux-gnu-gcc -Wall -g -o test -pthread test.c +> qemu-ppc ./test +[... as above ...] + +Version information: +powerpc-linux-gnu-gcc -v => gcc version 6.3.0 20170124 (Debian 6.3.0-5) +qemu-ppc -version => qemu-ppc version 2.8.0(Debian 1:2.8+dfsg-2) + +The same experiment was conducted again using qemu from the git repository (commit: 796b288f7be875045670f963ce99991b3c8e96ac): +~/tools/qemu/build/ppc-linux-user/qemu-ppc -version => qemu-ppc version 2.8.50 (v2.8.0-1417-g796b288f7b-dirty) +[...output...] +Hello - qemu-ppc: [...redacted...]/tools/qemu/translate-all.c:175: tb_lock: Assertion `!have_tb_lock' failed. +qemu-ppc: [...redacted...]/tools/qemu/translate-all.c:175: tb_lock: Assertion `!have_tb_lock' failed. +[1] 25996 segmentation fault ~/tools/qemu/build/ppc-linux-user/qemu-ppc -cpu e500 test +[...end output...] + + +Executing with -strace option yields a surprising entry (see second clone() syscall below): +[...] +26007 clone(CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,child_stack=0xf67fde60,parent_tidptr=0xf67fe368,tls=0xf68057d0,child_tidptr=0xf67fe368) = 26009 +26007 clone(0,child_stack=0xf67fde60,parent_tidptr=0xf67fe368,tls=0xf68057d0,child_tidptr=0xf67fe368) = -1 errno=22 (Invalid argument) + + +test.c works just fine if the pthread_create & pthread_join calls are removed +(i.e. when compiled with -DNO_PTHREAD_CREATE). + +At first glance, the issue seems specific to PPC because compiling and running +for x86_64 using qemu-x86_64 works fine. + + +Additional info: +> lddtree =qemu-ppc +qemu-ppc => /usr/bin/qemu-ppc (interpreter => /lib64/ld-linux-x86-64.so.2) + libgmodule-2.0.so.0 => /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0 + libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 + ld-linux-x86-64.so.2 => /lib64/ld-linux-x86-64.so.2 + libglib-2.0.so.0 => /lib/x86_64-linux-gnu/libglib-2.0.so.0 + libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 + librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 + libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 + libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 + libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 + libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 + +> /lib/x86_64-linux-gnu/libc.so.6 +GNU C Library (Debian GLIBC 2.24-9) stable release version 2.24, by Roland McGrath et al. + +> uname -a +Linux [...redacted...] 4.9.0-1-amd64 #1 SMP Debian 4.9.6-3 (2017-01-28) x86_64 GNU/Linux \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1671 b/results/classifier/deepseek-r1:32b/output/runtime/1671 new file mode 100644 index 000000000..12f4d7b2a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1671 @@ -0,0 +1,1360 @@ + + + +segfault/errors in gdbstub with linux userspace emulator (qemu-riscv64), from racy behavior with singal handler? +Description of problem: +Often, qemu segfaults, sometimes GDB just spits out a wall of "Ignoring packet error, continuing..." and ~hangs: I don't get a GDB command prompt quickly, if at all, and when I ctrl-c I see "The target is not responding to GDB commands. Stop debugging it? (y or n)". +Steps to reproduce: +1. Run the `testb3` binary from below as described +2. Connect via GDB and `continue` +3. Multiple threads (independently) SIGABRT themselves when they fail their test(s), which happens quickly on my machine (which has 16 physical cores) +Additional information: +From the coredump, it looks like there's a lot of cooks in the gdbstub kitchen: + +``` + Id Target Id Frame +* 1 Thread 0x7febc02ef6c0 (LWP 3922802) gdb_next_attached_cpu () at ../qemu-8.0.0/gdbstub/gdbstub.c:282 + 2 Thread 0x7febc06db6c0 (LWP 3922792) safe_syscall_base () + at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75 + 3 Thread 0x7febc03b26c0 (LWP 3922799) 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 + 4 Thread 0x7febc0f5d6c0 (LWP 3922751) 0x00007febc16e80dd in syscall () from /usr/lib/libc.so.6 + 5 Thread 0x7febc0f5ebc0 (LWP 3922750) safe_syscall_base () + at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75 + 6 Thread 0x7febc01696c0 (LWP 3922808) 0x00007febc16de96c in read () from /usr/lib/libc.so.6 + 7 Thread 0x7febc04f76c0 (LWP 3922794) 0x00007febc16f1d4c in send () from /usr/lib/libc.so.6 + 8 Thread 0x7febc026d6c0 (LWP 3922804) 0x00007febc16de96c in read () from /usr/lib/libc.so.6 + 9 Thread 0x7febc01aa6c0 (LWP 3922807) 0x00007febc16de96c in read () from /usr/lib/libc.so.6 + 10 Thread 0x7febc075c6c0 (LWP 3922793) 0x00007febc16de96c in read () from /usr/lib/libc.so.6 + 11 Thread 0x7febc04756c0 (LWP 3922796) 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 + 12 Thread 0x7febc01eb6c0 (LWP 3922806) 0x00007febc16de96c in read () from /usr/lib/libc.so.6 + 13 Thread 0x7febc022c6c0 (LWP 3922805) 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 + 14 Thread 0x7febc03f36c0 (LWP 3922798) 0x00007febc16de96c in read () from /usr/lib/libc.so.6 + 15 Thread 0x7febc04346c0 (LWP 3922797) 0x00007febc16de96c in read () from /usr/lib/libc.so.6 + 16 Thread 0x7febc03716c0 (LWP 3922800) 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 + 17 Thread 0x7febc04b66c0 (LWP 3922795) 0x00007febc16de96c in read () from /usr/lib/libc.so.6 + 18 Thread 0x7febc02ae6c0 (LWP 3922803) 0x00007febc16de96c in read () from /usr/lib/libc.so.6 + 19 Thread 0x7febc03306c0 (LWP 3922801) 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +``` + +Each of those `read` and `send` threads look something similar to this one: + +``` +Thread 19 (Thread 0x7febc03306c0 (LWP 3922801)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +``` + +Which, at a guess, seems like there's maybe 20 different concurrent processes fighting over the singular [gdbstub state](https://gitlab.com/qemu-project/qemu/-/blob/master/gdbstub/gdbstub.c#L57)? Specifically, they're all stomping on each other by writing to the same [buffer](https://gitlab.com/qemu-project/qemu/-/blob/master/gdbstub/user.c#L136) and advancing the [current CPU list pointer](https://gitlab.com/qemu-project/qemu/-/blob/master/gdbstub/gdbstub.c#L1422), which causes the "bad packet" cross-talk and the segfault respectively. + +<details><summary>full backtrace</summary> + +``` +(gdb) thread apply all bt full + +Thread 19 (Thread 0x7febc03306c0 (LWP 3922801)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 18 (Thread 0x7febc02ae6c0 (LWP 3922803)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 17 (Thread 0x7febc04b66c0 (LWP 3922795)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 16 (Thread 0x7febc03716c0 (LWP 3922800)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +No locals. +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +No locals. +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +No locals. +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +No locals. +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +No locals. +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +No locals. +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 15 (Thread 0x7febc04346c0 (LWP 3922797)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 14 (Thread 0x7febc03f36c0 (LWP 3922798)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 13 (Thread 0x7febc022c6c0 (LWP 3922805)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +No locals. +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +No locals. +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +No locals. +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +No locals. +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +No locals. +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +No locals. +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 12 (Thread 0x7febc01eb6c0 (LWP 3922806)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 11 (Thread 0x7febc04756c0 (LWP 3922796)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +No locals. +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +No locals. +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +No locals. +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +No locals. +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +No locals. +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +No locals. +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 10 (Thread 0x7febc075c6c0 (LWP 3922793)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 9 (Thread 0x7febc01aa6c0 (LWP 3922807)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 8 (Thread 0x7febc026d6c0 (LWP 3922804)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 7 (Thread 0x7febc04f76c0 (LWP 3922794)): +#0 0x00007febc16f1d4c in send () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273a994a in gdb_put_buffer () at ../qemu-8.0.0/gdbstub/user.c:82 +No locals. +#2 0x00005582273aad23 in gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:161 +No locals. +#3 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +No locals. +#4 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +No locals. +#5 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#6 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#7 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#8 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#9 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#10 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#11 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#12 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#13 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#14 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#15 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#16 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#17 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#18 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 6 (Thread 0x7febc01696c0 (LWP 3922808)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 5 (Thread 0x7febc0f5ebc0 (LWP 3922750)): +#0 safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75 +No locals. +#1 0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678 +No locals. +#2 do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804 +No locals. +#3 do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891 +No locals. +#4 0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476 +No locals. +#5 0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375 +No locals. +#6 0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55 +No locals. +#7 0x000055822728bfa1 in main () at ../qemu-8.0.0/linux-user/main.c:962 +No locals. + +Thread 4 (Thread 0x7febc0f5d6c0 (LWP 3922751)): +#0 0x00007febc16e80dd in syscall () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273cdcb3 in qemu_futex_wait () at /usr/src/debug/qemu/qemu-8.0.0/include/qemu/futex.h:29 +No locals. +#2 qemu_event_wait () at ../qemu-8.0.0/util/qemu-thread-posix.c:464 +No locals. +#3 0x00005582273d83ad in call_rcu_thread () at ../qemu-8.0.0/util/rcu.c:261 +No locals. +#4 0x00005582273cde58 in qemu_thread_start () at ../qemu-8.0.0/util/qemu-thread-posix.c:541 +No locals. +#5 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#6 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 3 (Thread 0x7febc03b26c0 (LWP 3922799)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +No locals. +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +No locals. +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +No locals. +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +No locals. +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +No locals. +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +No locals. +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 2 (Thread 0x7febc06db6c0 (LWP 3922792)): +#0 safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75 +No locals. +#1 0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678 +No locals. +#2 do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804 +No locals. +#3 do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891 +No locals. +#4 0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476 +No locals. +#5 0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375 +No locals. +#6 0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55 +No locals. +#7 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#8 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#9 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 1 (Thread 0x7febc02ef6c0 (LWP 3922802)): +#0 gdb_next_attached_cpu () at ../qemu-8.0.0/gdbstub/gdbstub.c:282 +No locals. +#1 0x00005582273ab774 in handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1411 +No locals. +#2 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#3 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#4 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#5 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#6 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#7 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#8 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#9 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#10 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#11 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#12 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#13 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#14 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#15 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +(gdb) thread apply all bt + +Thread 19 (Thread 0x7febc03306c0 (LWP 3922801)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 18 (Thread 0x7febc02ae6c0 (LWP 3922803)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 17 (Thread 0x7febc04b66c0 (LWP 3922795)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 16 (Thread 0x7febc03716c0 (LWP 3922800)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 15 (Thread 0x7febc04346c0 (LWP 3922797)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 14 (Thread 0x7febc03f36c0 (LWP 3922798)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 13 (Thread 0x7febc022c6c0 (LWP 3922805)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 12 (Thread 0x7febc01eb6c0 (LWP 3922806)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 11 (Thread 0x7febc04756c0 (LWP 3922796)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 10 (Thread 0x7febc075c6c0 (LWP 3922793)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 9 (Thread 0x7febc01aa6c0 (LWP 3922807)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 8 (Thread 0x7febc026d6c0 (LWP 3922804)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 7 (Thread 0x7febc04f76c0 (LWP 3922794)): +#0 0x00007febc16f1d4c in send () from /usr/lib/libc.so.6 +#1 0x00005582273a994a in gdb_put_buffer () at ../qemu-8.0.0/gdbstub/user.c:82 +#2 0x00005582273aad23 in gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:161 +#3 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +#4 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +#5 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#6 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +#7 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +#8 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#9 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +#10 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +#11 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +#12 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +#13 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#14 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#15 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#16 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#17 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#18 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 6 (Thread 0x7febc01696c0 (LWP 3922808)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 5 (Thread 0x7febc0f5ebc0 (LWP 3922750)): +#0 safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75 +#1 0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678 +#2 do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804 +#3 do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891 +#4 0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476 +#5 0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375 +#6 0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55 +#7 0x000055822728bfa1 in main () at ../qemu-8.0.0/linux-user/main.c:962 + +Thread 4 (Thread 0x7febc0f5d6c0 (LWP 3922751)): +#0 0x00007febc16e80dd in syscall () from /usr/lib/libc.so.6 +#1 0x00005582273cdcb3 in qemu_futex_wait () at /usr/src/debug/qemu/qemu-8.0.0/include/qemu/futex.h:29 +#2 qemu_event_wait () at ../qemu-8.0.0/util/qemu-thread-posix.c:464 +#3 0x00005582273d83ad in call_rcu_thread () at ../qemu-8.0.0/util/rcu.c:261 +#4 0x00005582273cde58 in qemu_thread_start () at ../qemu-8.0.0/util/qemu-thread-posix.c:541 +#5 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#6 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 3 (Thread 0x7febc03b26c0 (LWP 3922799)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 2 (Thread 0x7febc06db6c0 (LWP 3922792)): +#0 safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75 +#1 0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678 +#2 do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804 +#3 do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891 +#4 0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476 +#5 0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375 +#6 0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55 +#7 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#8 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#9 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 + +Thread 1 (Thread 0x7febc02ef6c0 (LWP 3922802)): +#0 gdb_next_attached_cpu () at ../qemu-8.0.0/gdbstub/gdbstub.c:282 +#1 0x00005582273ab774 in handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1411 +#2 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#3 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +#4 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +#5 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +#6 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +#7 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +#8 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +#9 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +#10 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +#11 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +#12 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +#13 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +#14 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +#15 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +(gdb) thread apply all bt full + +Thread 19 (Thread 0x7febc03306c0 (LWP 3922801)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 18 (Thread 0x7febc02ae6c0 (LWP 3922803)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 17 (Thread 0x7febc04b66c0 (LWP 3922795)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 16 (Thread 0x7febc03716c0 (LWP 3922800)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +No locals. +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +No locals. +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +No locals. +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +No locals. +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +No locals. +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +No locals. +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 15 (Thread 0x7febc04346c0 (LWP 3922797)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 14 (Thread 0x7febc03f36c0 (LWP 3922798)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 13 (Thread 0x7febc022c6c0 (LWP 3922805)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +No locals. +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +No locals. +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +No locals. +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +No locals. +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +No locals. +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +No locals. +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 12 (Thread 0x7febc01eb6c0 (LWP 3922806)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 11 (Thread 0x7febc04756c0 (LWP 3922796)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +No locals. +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +No locals. +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +No locals. +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +No locals. +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +No locals. +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +No locals. +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 10 (Thread 0x7febc075c6c0 (LWP 3922793)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 9 (Thread 0x7febc01aa6c0 (LWP 3922807)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 8 (Thread 0x7febc026d6c0 (LWP 3922804)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 7 (Thread 0x7febc04f76c0 (LWP 3922794)): +#0 0x00007febc16f1d4c in send () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273a994a in gdb_put_buffer () at ../qemu-8.0.0/gdbstub/user.c:82 +No locals. +#2 0x00005582273aad23 in gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:161 +No locals. +#3 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +No locals. +#4 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +No locals. +#5 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#6 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#7 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#8 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#9 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#10 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#11 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#12 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#13 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#14 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#15 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#16 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#17 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#18 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 6 (Thread 0x7febc01696c0 (LWP 3922808)): +#0 0x00007febc16de96c in read () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273ae6ce in read () at /usr/include/bits/unistd.h:38 +No locals. +#2 gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:148 +No locals. +#3 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#4 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#5 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#6 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#7 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#8 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 5 (Thread 0x7febc0f5ebc0 (LWP 3922750)): +#0 safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75 +No locals. +#1 0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678 +No locals. +#2 do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804 +No locals. +#3 do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891 +No locals. +#4 0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476 +No locals. +#5 0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375 +No locals. +#6 0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55 +No locals. +#7 0x000055822728bfa1 in main () at ../qemu-8.0.0/linux-user/main.c:962 +No locals. + +Thread 4 (Thread 0x7febc0f5d6c0 (LWP 3922751)): +#0 0x00007febc16e80dd in syscall () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273cdcb3 in qemu_futex_wait () at /usr/src/debug/qemu/qemu-8.0.0/include/qemu/futex.h:29 +No locals. +#2 qemu_event_wait () at ../qemu-8.0.0/util/qemu-thread-posix.c:464 +No locals. +#3 0x00005582273d83ad in call_rcu_thread () at ../qemu-8.0.0/util/rcu.c:261 +No locals. +#4 0x00005582273cde58 in qemu_thread_start () at ../qemu-8.0.0/util/qemu-thread-posix.c:541 +No locals. +#5 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#6 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 3 (Thread 0x7febc03b26c0 (LWP 3922799)): +#0 0x00007febc16f1b1c in recv () from /usr/lib/libc.so.6 +No symbol table info available. +#1 0x00005582273a9882 in recv () at /usr/include/bits/socket2.h:38 +No locals. +#2 gdb_get_char () at ../qemu-8.0.0/gdbstub/user.c:39 +No locals. +#3 0x00005582273aad28 in gdb_got_immediate_ack () at ../qemu-8.0.0/gdbstub/user.c:62 +No locals. +#4 gdb_put_packet_binary () at ../qemu-8.0.0/gdbstub/gdbstub.c:164 +No locals. +#5 0x00005582273ab768 in gdb_put_strbuf () at ../qemu-8.0.0/gdbstub/gdbstub.c:181 +No locals. +#6 handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1410 +No locals. +#7 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#8 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#9 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#10 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#11 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#12 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#13 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#14 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#15 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#16 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#17 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#18 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#19 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#20 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 2 (Thread 0x7febc06db6c0 (LWP 3922792)): +#0 safe_syscall_base () at ../qemu-8.0.0/common-user/host/x86_64/safe-syscall.inc.S:75 +No locals. +#1 0x00005582274134c2 in safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:678 +No locals. +#2 do_safe_futex () at ../qemu-8.0.0/linux-user/syscall.c:7804 +No locals. +#3 do_futex () at ../qemu-8.0.0/linux-user/syscall.c:7891 +No locals. +#4 0x00005582274191fa in do_syscall1.constprop.0 () at ../qemu-8.0.0/linux-user/syscall.c:12476 +No locals. +#5 0x00005582273a2a22 in do_syscall () at ../qemu-8.0.0/linux-user/syscall.c:13375 +No locals. +#6 0x000055822729644c in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:55 +No locals. +#7 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#8 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#9 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +Thread 1 (Thread 0x7febc02ef6c0 (LWP 3922802)): +#0 gdb_next_attached_cpu () at ../qemu-8.0.0/gdbstub/gdbstub.c:282 +No locals. +#1 0x00005582273ab774 in handle_query_threads () at ../qemu-8.0.0/gdbstub/gdbstub.c:1411 +No locals. +#2 0x000055822741cb78 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#3 0x00005582273abad6 in handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1673 +No locals. +#4 handle_gen_query () at ../qemu-8.0.0/gdbstub/gdbstub.c:1661 +No locals. +#5 0x000055822741cbb3 in process_string_cmd.constprop.0 () at ../qemu-8.0.0/gdbstub/gdbstub.c:838 +No locals. +#6 0x00005582273ae272 in run_cmd_parser () at ../qemu-8.0.0/gdbstub/gdbstub.c:856 +No locals. +#7 gdb_handle_packet () at ../qemu-8.0.0/gdbstub/gdbstub.c:1953 +No locals. +#8 gdb_read_byte () at ../qemu-8.0.0/gdbstub/gdbstub.c:2113 +No locals. +#9 0x00005582273ae6ec in gdb_handlesig () at ../qemu-8.0.0/gdbstub/user.c:153 +No locals. +#10 0x00005582273919fb in handle_pending_signal () at ../qemu-8.0.0/linux-user/signal.c:1042 +No locals. +#11 0x0000558227391dd2 in process_pending_signals () at ../qemu-8.0.0/linux-user/signal.c:1153 +No locals. +#12 0x00005582272964b8 in cpu_loop () at ../qemu-8.0.0/linux-user/riscv/cpu_loop.c:93 +No locals. +#13 0x00005582273a1d15 in clone_func () at ../qemu-8.0.0/linux-user/syscall.c:6621 +No locals. +#14 0x00007febc166dbb5 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. +#15 0x00007febc16efd90 in ?? () from /usr/lib/libc.so.6 +No symbol table info available. + +``` + +</details> + + + +- coredump + - [core.qemu-riscv64.1000.efb558e6104b4cc5bfa37605fc9af294.3922750.1685497956000000.zst](/uploads/071fc96520ca4008941044802c176d6a/core.qemu-riscv64.1000.efb558e6104b4cc5bfa37605fc9af294.3922750.1685497956000000.zst) + - [qemu-riscv64](/uploads/f203d5aed8559d80c2d66e439bb4dddf/qemu-riscv64) (the binary the coredump was generated from) + - download both, extract corefile, use `DEBUGINFOD_URLS=https://debuginfod.archlinux.org gdb /path/to/qemu-riscv64 -c /tmp/coredump` to debug +- reproducer + - [testb3.tar.xz](/uploads/84bdbb547e01527c3d804e0d88c6c9fe/testb3.tar.xz) (includes testb3 + sysroot to work with command line above) + - This binary is a cross-compiled `testb3` from [WebKit](https://github.com/WebKit/WebKit/blob/9755847ab1d40841374b2467b3036d943b723183/Source/JavaScriptCore/b3/testb3_1.cpp#L927) ; sorry, that's about all I know about it so far + - A GDB you might use to connect is [SiFive's](https://static.dev.sifive.com/dev-tools/riscv64-unknown-elf-gcc-8.1.0-2019.01.0-x86_64-linux-ubuntu14.tar.gz). I got more consistent segfaults with a more recent gdb (12.1), but I'm not sure how to tell you how to get that `gdb` besides "creating a riscv64 poky distribution" (what I did), which is likely not helpful. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1696353 b/results/classifier/deepseek-r1:32b/output/runtime/1696353 new file mode 100644 index 000000000..355c83de7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1696353 @@ -0,0 +1,38 @@ + + + +golang binaries fail to start under linux-user + +With current master golang binaries fail when run under linux-user, for example: + +[will@localhost qemu]$ ./arm-linux-user/qemu-arm glide +runtime: failed to create new OS thread (have 2 already; errno=22) +fatal error: newosproc + +runtime stack: +runtime.throw(0x45f879, 0x9) + /usr/lib/golang/src/runtime/panic.go:566 +0x78 +runtime.newosproc(0x1092c000, 0x1093bfe0) + /usr/lib/golang/src/runtime/os_linux.go:160 +0x1b0 +runtime.newm(0x4ae1e8, 0x0) + /usr/lib/golang/src/runtime/proc.go:1572 +0x12c +runtime.main.func1() + /usr/lib/golang/src/runtime/proc.go:126 +0x24 +runtime.systemstack(0x5ef900) + /usr/lib/golang/src/runtime/asm_arm.s:247 +0x80 +runtime.mstart() + /usr/lib/golang/src/runtime/proc.go:1079 + +goroutine 1 [running]: +runtime.systemstack_switch() + /usr/lib/golang/src/runtime/asm_arm.s:192 +0x4 fp=0x109287ac sp=0x109287a8 +runtime.main() + /usr/lib/golang/src/runtime/proc.go:127 +0x5c fp=0x109287d4 sp=0x109287ac +runtime.goexit() + /usr/lib/golang/src/runtime/asm_arm.s:998 +0x4 fp=0x109287d4 sp=0x109287d4 + +The reason for this is that the golang runtime does not pass the CLONE_SYSVMEM flag to clone so the clone flags checks fail: + +https://github.com/golang/go/blob/master/src/runtime/os_linux.go#L155 + +The attached patch allows golang binaries to start under linux-user. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1697 b/results/classifier/deepseek-r1:32b/output/runtime/1697 new file mode 100644 index 000000000..eb55b0932 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1697 @@ -0,0 +1,22 @@ + + + +qemu-arm -cpu cortex-m55 dummy_test qemu-arm: ../accel/tcg/user-exec.c:492: page_set_flags: Assertion `last <= GUEST_ADDR_MAX' failed. +Description of problem: +Basic testing failed for cortex m55 +Steps to reproduce: +1.Pulled the newest qemu 8.0.50 + +2.Create a Dummy test with only return 0 in main function + +3.run ` arm-none-eabi-gcc -o dummy_test -O2 -g -mcpu=cortex-m55 dummy_test.cc --specs=rdimon.specs` and then `qemu-arm -cpu cortex-m55 dummy_test` + +`arm-none-eabi-gcc (Arm GNU Toolchain 12.2.MPACBTI-Rel1 (Build arm-12-mpacbti.34)) 12.2.1 20230214 +Copyright (C) 2022 Free Software Foundation, Inc. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.` + +`qemu-arm version 8.0.50 (v8.0.0-1739-g5f9dd6a8ce) +Copyright (c) 2003-2023 Fabrice Bellard and the QEMU Project developers` +Additional information: +It is a known problem in another issues: https://gitlab.com/qemu-project/qemu/-/issues/1528#note_1389268261. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1704638 b/results/classifier/deepseek-r1:32b/output/runtime/1704638 new file mode 100644 index 000000000..97f7a9eb3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1704638 @@ -0,0 +1,68 @@ + + + +weak symbol access makes qemu in user mode hang for mips, mips64 + +A program that is statically linked and invokes a weak pointer should crash (because the weak pointer evaluates to NULL). + +With qemu in user mode, for mips and mips64, it hangs. The process needs to be killed with "kill -9". + +How to reproduce for mips: +- Compile the program: mips-linux-gnu-gcc-5 -O -Wall -static -o testpthsigmask-mips testpthsigmask.c -pthread +- Set environment variables for running qemu-mips. +- ~/inst-qemu/2.9.0/bin/qemu-mips testpthsigmask-mips + +How to reproduce for mips64: +- Compile the program: mips64-linux-gnuabi64-gcc-5 -O -Wall -static -o testpthsigmask-mips64 testpthsigmask.c -lpthread +- Set environment variables for running qemu-mips64. +- ~/inst-qemu/2.9.0/bin/qemu-mips64 testpthsigmask-mips64 + +When I attach gdb to the process, I see that it is hanging inside 'gen_intermediate_code': + +$ gdb /home/bruno/inst-qemu/2.9.0/bin/qemu-mips 9726 +... +Reading symbols from /home/bruno/inst-qemu/2.9.0/bin/qemu-mips...done. +Attaching to program: /home/bruno/inst-qemu/2.9.0/bin/qemu-mips, process 9726 +... +(gdb) info threads + Id Target Id Frame +* 1 Thread 0x7f1e7e535740 (LWP 9726) "qemu-mips" __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135 + 2 Thread 0x7f1e7d0ad700 (LWP 9727) "qemu-mips" syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 +(gdb) where +#0 __lll_lock_wait () at ../sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135 +#1 0x00007f1e7d6f1dbd in __GI___pthread_mutex_lock (mutex=mutex@entry=0x55de1c7ff830 <tcg_ctx+272>) at ../nptl/pthread_mutex_lock.c:80 +#2 0x000055de1c527199 in qemu_mutex_lock (mutex=mutex@entry=0x55de1c7ff830 <tcg_ctx+272>) + at /media/develdata/devel/build/qemu-2.9.0/util/qemu-thread-posix.c:60 +#3 0x000055de1c435083 in tb_lock () at /media/develdata/devel/build/qemu-2.9.0/translate-all.c:167 +#4 cpu_restore_state (cpu=cpu@entry=0x55de1e915cb0, retaddr=retaddr@entry=94412445741769) at /media/develdata/devel/build/qemu-2.9.0/translate-all.c:350 +#5 0x000055de1c4658d0 in handle_cpu_signal (old_set=0x7ffe5ffd8ea8, is_write=0, address=0, pc=94412445741767) + at /media/develdata/devel/build/qemu-2.9.0/user-exec.c:124 +#6 cpu_mips_signal_handler (host_signum=host_signum@entry=11, pinfo=pinfo@entry=0x7ffe5ffd8eb0, puc=puc@entry=0x7ffe5ffd8d80) + at /media/develdata/devel/build/qemu-2.9.0/user-exec.c:229 +#7 0x000055de1c4803be in host_signal_handler (host_signum=11, info=0x7ffe5ffd8eb0, puc=0x7ffe5ffd8d80) + at /media/develdata/devel/build/qemu-2.9.0/linux-user/signal.c:646 +#8 <signal handler called> +#9 __bswap_32 (__bsx=<optimized out>) at /usr/include/x86_64-linux-gnu/bits/byteswap.h:47 +#10 bswap32 (x=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/include/qemu/bswap.h:21 +#11 ldl_be_p (ptr=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/include/qemu/bswap.h:434 +#12 cpu_ldl_code (env=0x55de1e91df48, ptr=0) at /media/develdata/devel/build/qemu-2.9.0/include/exec/cpu_ldst_useronly_template.h:68 +#13 gen_intermediate_code (env=env@entry=0x55de1e91df48, tb=tb@entry=0x7f1e7b288e58) + at /media/develdata/devel/build/qemu-2.9.0/target/mips/translate.c:19962 +#14 0x000055de1c4352e6 in tb_gen_code (cpu=cpu@entry=0x55de1e915cb0, pc=pc@entry=0, cs_base=cs_base@entry=0, flags=flags@entry=162, cflags=<optimized out>, + cflags@entry=0) at /media/develdata/devel/build/qemu-2.9.0/translate-all.c:1295 +#15 0x000055de1c436a7a in tb_find (tb_exit=0, last_tb=0x0, cpu=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/cpu-exec.c:365 +#16 cpu_exec (cpu=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/cpu-exec.c:673 +#17 0x000055de1c466278 in cpu_loop (env=0x55de1e91df48) at /media/develdata/devel/build/qemu-2.9.0/linux-user/main.c:2236 +#18 0x000055de1c433103 in main (argc=<optimized out>, argv=0x7ffe5ffd9de8, envp=<optimized out>) + at /media/develdata/devel/build/qemu-2.9.0/linux-user/main.c:4860 +(gdb) thread 2 +[Switching to thread 2 (Thread 0x7f1e7d0ad700 (LWP 9727))] +#0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 +38 ../sysdeps/unix/sysv/linux/x86_64/syscall.S: Datei oder Verzeichnis nicht gefunden. +(gdb) where +#0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 +#1 0x000055de1c527605 in qemu_futex_wait (val=<optimized out>, f=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/include/qemu/futex.h:26 +#2 qemu_event_wait (ev=ev@entry=0x55de1e82c124 <rcu_call_ready_event>) at /media/develdata/devel/build/qemu-2.9.0/util/qemu-thread-posix.c:399 +#3 0x000055de1c52d41e in call_rcu_thread (opaque=<optimized out>) at /media/develdata/devel/build/qemu-2.9.0/util/rcu.c:249 +#4 0x00007f1e7d6ef6ba in start_thread (arg=0x7f1e7d0ad700) at pthread_create.c:333 +#5 0x00007f1e7d4253dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1707 b/results/classifier/deepseek-r1:32b/output/runtime/1707 new file mode 100644 index 000000000..a29648edb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1707 @@ -0,0 +1,26 @@ + + + +linux-user qemu-x86_64 can't exec a binary on aarch64 or Loongarch. +Description of problem: +on master branch, we build an simply hello.c with x86_cross gcc. +then. run './build/qemu-x86_64 hello', no output. +Steps to reproduce: +1. build an hello.c with x86_64 cross. use --static. +2. build qemu-x86_64 on aarch64 or LoongArch host. +3. run './build/qemu-x86_64 hello' +Additional information: +[strace.txt](/uploads/5362e0e9b04ad9a582470faf4a9fcedb/strace.txt) + + + + [hello](/uploads/12d9277fa4e853286414f575010a37ac/hello) + + +The following commit causes this problem. + +commit 86f04735ac2088d5c069c3d1712212ec7428c562 +Author: Helge Deller <deller@gmx.de> +Date: Sun Dec 25 09:23:19 2022 +0100 + + linux-user: Fix brk() to release pages diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1715162 b/results/classifier/deepseek-r1:32b/output/runtime/1715162 new file mode 100644 index 000000000..9dbb34466 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1715162 @@ -0,0 +1,75 @@ + + + +qemu-user crashing when writing core dump + +I've a binary I'm running in qemux86-64 but it is segfaulting. Whilst qemu writes the core dump for that, qemu itself is segfaulting. + +(gdb) bt full +#0 0x00007efdd962e32e in sigsuspend () from /data/poky-tmp/master/build/sysroots-uninative/x86_64-linux/lib/libc.so.6 +No symbol table info available. +#1 0x0000559176d74da4 in dump_core_and_abort (target_sig=target_sig@entry=11) + at /data/poky-tmp/master/build/work/x86_64-linux/qemu-native/2.10.0-r0/qemu-2.10.0/linux-user/signal.c:598 + cpu = <optimized out> + env = <optimized out> + ts = 0x55917a42d160 + core_dumped = <optimized out> + act = {__sigaction_handler = {sa_handler = 0x0, sa_sigaction = 0x0}, sa_mask = {__val = {18446744067267099647, + 18446744073709551615 <repeats 15 times>}}, sa_flags = 0, sa_restorer = 0x559100004010} +#2 0x0000559176d75a38 in handle_pending_signal (cpu_env=cpu_env@entry=0x55917a41c2a0, sig=sig@entry=11, + k=k@entry=0x55917a42d190) + at /data/poky-tmp/master/build/work/x86_64-linux/qemu-native/2.10.0-r0/qemu-2.10.0/linux-user/signal.c:6596 + handler = <optimized out> + set = {__val = {4294967297, 4294967297, 94083256460867, 14, 128, 0, 8, 3, 0, 1, 0, 4243635, 139628765215104, + 94083255852784, 94083309703424, 3351315493}} + target_old_set = {sig = {0}} + sa = <optimized out> + ts = 0x55917a42d160 +#3 0x0000559176d765ac in process_pending_signals (cpu_env=<optimized out>) + at /data/poky-tmp/master/build/work/x86_64-linux/qemu-native/2.10.0-r0/qemu-2.10.0/linux-user/signal.c:6674 + sig = 11 + ts = 0x55917a42d160 + set = {__val = {18446744067267100671, 18446744073709551615 <repeats 15 times>}} + blocked_set = <optimized out> +#4 0x0000559176d5e0d8 in cpu_loop (env=0x55917a41c2a0) + at /data/poky-tmp/master/build/work/x86_64-linux/qemu-native/2.10.0-r0/qemu-2.10.0/linux-user/main.c:369 + trapnr = 14 + pc = <optimized out> + ret = <optimized out> + info = {si_signo = 11, si_errno = 0, si_code = 196609, _sifields = {_pad = {101897450, 192, -647518572, 32509, + 842, 0, 1993519912, 21905, 2051194736, 21905, 1997320506, 21905, 2051195440, 21905, 1993546713, 0, + 12767276, 64, 1997233696, 21905, 42, 0, 1997233824, 21905, 1997320464, 21905, 350755584, -1438022877}, + _kill = {_pid = 101897450, _uid = 192}, _timer = {_timer1 = 101897450, _timer2 = 192}, _rt = { + _pid = 101897450, _uid = 192, _sigval = {sival_int = -647518572, sival_ptr = 139628739274388}}, + _sigchld = {_pid = 101897450, _uid = 192, _status = -647518572, _utime = 842, _stime = 94083252138792}, + _sigfault = {_addr = 824735618282}, _sigpoll = {_band = 101897450, _fd = 192}}} +#5 0x0000559176d2a4b8 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) + at /data/poky-tmp/master/build/work/x86_64-linux/qemu-native/2.10.0-r0/qemu-2.10.0/linux-user/main.c:4862 + regs1 = {r15 = 0, r14 = 0, r13 = 0, r12 = 0, rbp = 0, rbx = 0, r11 = 0, r10 = 0, r9 = 0, r8 = 0, rax = 0, + rcx = 0, rdx = 0, rsi = 0, rdi = 0, orig_rax = 0, rip = 274888416832, cs = 0, eflags = 0, + rsp = 274888401360, ss = 0} + regs = 0x7ffda5b29fc0 + info1 = {load_bias = 274888413184, load_addr = 274877906944, start_code = 274877906944, + end_code = 274877917360, start_data = 274880015120, end_data = 274880016400, start_brk = 0, + brk = 274880016472, start_mmap = 183251939328, start_stack = 274888401360, stack_limit = 274880024576, + entry = 274888416832, code_offset = 0, data_offset = 0, saved_auxv = 274888402256, + auxv_len = 18446744073709550728, arg_start = 274888401368, arg_end = 274888401408, + arg_strings = 274888402550, env_strings = 274888402788, file_string = 274888413067, elf_flags = 0, + personality = 0} + info = 0x7ffda5b2a070 + bprm = { + buf = "\177ELF\002\001\001\000\000\000\000\000\000\000\000\000\003\000>\000\001\000\000\000@\016\000\000\000\000\000\000@\000\000\000\000\000\000\000\230`\002\000\000\000\000\000\000\000\000\000@\000\070\000\006\000@\000\027\000\026\000\001\000\000\000\005", '\000' <repeats 27 times>, "\264C\002\000\000\000\000\000\264C\002\000\000\000\000\000\000\000 \000\000\000\000\000\001\000\000\000\006\000\000\000\240G\002\000\000\000\000\000\240G\"\000\000\000\000\000\240G\"\000\000\000\000\000\330\027\000\000\000\000\000\000p\031\000\000\000\000\000\000\000\000 \000\000\000\000\000\002\000\000\000\006\000\000\000\030N\002\000\000\000\000\000\030N\"\000\000\000\000\000"..., p = 274888401360, fd = 3, + e_uid = 1000, e_gid = 1000, argc = 5, envc = 104, argv = 0x55917a42d120, envp = 0x55917a42a8f0, + filename = 0x7ffda5b2c683 "/data/poky-tmp/master/build/work/intel_corei7_64-poky-linux/core-image-weston/1.0-r0/rootfs/usr/bin/fc-cache", core_dump = 0x559176d76ed0 <elf_core_dump>} + ts = <optimized out> + env = 0x55917a41c2a0 + cpu = 0x55917a414010 + target_environ = 0x55917a42a8f0 + wrk = 0x55917a42ac30 + target_argv = 0x55917a42d120 + target_argc = 5 + i = <optimized out> + ret = <optimized out> + execfd = <optimized out> + +(I'll reproduce this with glibc debug symbols shortly) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1716767 b/results/classifier/deepseek-r1:32b/output/runtime/1716767 new file mode 100644 index 000000000..8ae1b92ce --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1716767 @@ -0,0 +1,37 @@ + + + +file(1) fails with "Invalid argument" on qemu-sh4-user + +We recently discovered that file(1) fails on qemu-sh4-user when running on an ELF file: + +(sid_sh4)root@vs94:/# file /bin/bash +/bin/bash: ERROR: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV) error reading (Invalid argument) +(sid_sh4)root@vs94:/# + +Running with "-d" yields more output: + +(sid_sh4)root@vs94:/# file -d /bin/bash 2>&1 | tail +322: >> 7 byte&,=97,"(ARM)"] +0 == 97 = 0 +mget(type=1, flag=0, offset=7, o=0, nbytes=863324, il=0, nc=1) +mget/96 @7: \000\000\000\000\000\000\000\000\000\002\000*\000\001\000\000\000\250\317A\0004\000\000\000L(\r\000\027\000\000\0004\000 \000\n\000(\000\032\000\031\000\006\000\000\0004\000\000\0004\000@\0004\000@\000@\001\000\000@\001\000\000\005\000\000\000\004\000\000\000\003\000\000\000t\001\000\000t\001@\000t\001@\000\023\000\000 + +323: >> 7 byte&,=-1,"(embedded)"] +0 == 18446744073709551615 = 0 +[try softmagic 1] +[try elf -1] +/bin/bash: ERROR: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV) error reading (Invalid argument) +(sid_sh4)root@vs94:/# + +It seems that the comparison above has a bogus (overflown?) value. + +On actual hardware, it works: + +root@tirpitz:~> file /bin/bash +/bin/bash: ELF 32-bit LSB executable, Renesas SH, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=4dd0e4281755827d8bb6686fd481f8c80ea73e9a, for GNU/Linux 3.2.0, stripped +root@tirpitz:~> + +I have uploaded a chroot with Debian unstable which allows to reproduce the issue: + +> https://people.debian.org/~glaubitz/sid-sh4-sbuild.tar.gz \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1724485 b/results/classifier/deepseek-r1:32b/output/runtime/1724485 new file mode 100644 index 000000000..6c668c40d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1724485 @@ -0,0 +1,21 @@ + + + +Invalid assertion in arm_read_memory_func + +Hi, + +I think there is an invalid assertion in arm_read_memory_func: +assert(info->endian == BFD_ENDIAN_LITTLE) + +I face it in the following use case: target armeb-linux (I use qemu user mode), -d in_asm -cpu any. + +At some point during program startup, glibc's _dl_new_object calls strlen, which is written in thumb2 mode (armv6t2). So print_insn_arm() calls arm_read_memory_func() with length==2, and info->flags == INSN_ARM_BE32, and the assert is false. + +If I remove the assert, execution continues OK. + +With the assert, I get the error message from the assert, and qemu then stalls. + +Can you confirm the assert can be removed? Or if not, explain me how to avoid/fix the subsequent qemu stall? + +Thanks \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1725267 b/results/classifier/deepseek-r1:32b/output/runtime/1725267 new file mode 100644 index 000000000..544060feb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1725267 @@ -0,0 +1,34 @@ + + + +armeb regression since qemu version 2.8 + +Hi, + +I have noticed a regression when I upgraded from qemu-armeb 2.7 to 2.8, and the problem is still present with version 2.10.1. + +I am using qemu for GCC validation, noticed problems with testcases involving atomics, I'm attaching here atomic-exchange-4.exe. + +# with 2.7: +$ qemu-armeb -cpu any -R 0 -L $PWD -E LD_LIBRARY_PATH=$PWD/lib $PWD/atomic-exchange-4.exe +$ echo $? +0 +# with 2.8, 2.10.1: +$ qemu-armeb -cpu any -R 0 -L $PWD -E LD_LIBRARY_PATH=$PWD/lib $PWD/atomic-exchange-4.exe +qemu: uncaught target signal 6 (Aborted) - core dumped +Aborted (core dumped) +$ echo $? +134 + +The source code is gcc/testsuite/gcc.dg/atomic-exchange-4.c + +Running with -d in_asm shows a difference early in the startup code: +IN: _dl_sysdep_start +[...] +0x40a17790: 908ff103 addls pc, pc, r3, lsl #2 + +and then the next address is not the same with qemu 2.7 and 2.10.1 + +I hope you have enough data/information to reproduce and confirm/fix the problem. + +Thanks \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1734 b/results/classifier/deepseek-r1:32b/output/runtime/1734 new file mode 100644 index 000000000..93a5449a7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1734 @@ -0,0 +1,19 @@ + + + +mmap-ing more than 1GB of files fails on v8.0 of QEMU, but works on older version +Description of problem: +Trying to run an application using QEMU user mode for an ARM binary. My host system is Ubuntu 22.04 based. The v6.2 from Ubuntu repos is able to mmap files that contain more than 1GB of address space, but version 8.0 that I compiled will not. + +I created a repo with a readme, and a simple application that you can use to demonstrate the problem: +https://github.com/mwales/qemu_mmap_test + +Example application simply takes a list of files, mmaps the entire file into memory, and then computes a checksum of the file data. Once the file(s) sizes exceed around 1GB, the mmap calls will fail because the memory from 0x00000000 - 0x40000000 has been exhausted. +Steps to reproduce: +1. Compile test application that mmaps entire files +2. Create 5 256MB test files +3. Run the program tell it to mmap all the files. The first 3 files succeed, but the 4th when run gets a -1 returned from mmap. +Additional information: +Lots of details on my github writeup and a demo of the bug in question. + +It seems that this 1GB limit is an artifact of where QEMU loaded the original ELF binary at (0x40000000). I've also been playing around with moving that address using the -B 0x80000000 option, but I've encountered other problems doing that. As I diagnose that, I figured I would write up this report on what I've seen so far incase I'm doing something dumb / creating a bad build or something. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1735384 b/results/classifier/deepseek-r1:32b/output/runtime/1735384 new file mode 100644 index 000000000..69d4ee82c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1735384 @@ -0,0 +1,23 @@ + + + +OpenJDK JVM segfaults on qemu-sh4 (regression) + +Some of the recent changes introduced a regression which makes the OpenJDK JVM crash on qemu-sh4: + +(sid-sh4-sbuild)root@nofan:/# java -version +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault +(sid-sh4-sbuild)root@nofan:/# + +An older version works fine: + +(sid-sh4-sbuild)root@nofan:/# java -version +openjdk version "9.0.1" +OpenJDK Runtime Environment (build 9.0.1+11-Debian-1) +OpenJDK Zero VM (build 9.0.1+11-Debian-1, interpreted mode) +(sid-sh4-sbuild)root@nofan:/# + +Haven't had time for bisecting this yet. + +Adrian \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1736 b/results/classifier/deepseek-r1:32b/output/runtime/1736 new file mode 100644 index 000000000..4b20e2446 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1736 @@ -0,0 +1,70 @@ + + + +Invalid guest addr in debug output +Description of problem: +When using QEMU 7.1.0 the log file for the first translation block (not starting at 0) looks like this: +(Note the `guest addr 0x00010000`) +``` +IN: +0x00010000: e1a00000 mov r0, r0 +0x00010004: e1a00000 mov r0, r0 +0x00010008: e1a00000 mov r0, r0 +0x0001000c: e1a00000 mov r0, r0 +0x00010010: e1a00000 mov r0, r0 +0x00010014: e1a00000 mov r0, r0 +0x00010018: e1a00000 mov r0, r0 +0x0001001c: e1a00000 mov r0, r0 +0x00010020: ea000005 b #0x1003c + +OUT: [size=47] + -- guest addr 0x00010000 + tb prologue +0x7f95a8000300: 8b 5d f0 movl -0x10(%rbp), %ebx +0x7f95a8000303: 85 db testl %ebx, %ebx +0x7f95a8000305: 0f 8c 18 00 00 00 jl 0x7f95a8000323 + -- guest addr 0x00010020 +0x7f95a800030b: e9 00 00 00 00 jmp 0x7f95a8000310 +0x7f95a8000310: c7 45 3c 3c 00 01 00 movl $0x1003c, 0x3c(%rbp) +0x7f95a8000317: 48 8d 05 22 ff ff ff leaq -0xde(%rip), %rax +0x7f95a800031e: e9 f5 fc ff ff jmp 0x7f95a8000018 +0x7f95a8000323: 48 8d 05 19 ff ff ff leaq -0xe7(%rip), %rax +0x7f95a800032a: e9 e9 fc ff ff jmp 0x7f95a8000018 +``` + +For QEMU 7.2.0 and higher: +(Note the `guest addr` is only the page offset.) +``` +Trace 0: 0x7fe434000100 [00000400/00000000/00000020/ff200000] +---------------- +IN: +0x00010000: e1a00000 mov r0, r0 +0x00010004: e1a00000 mov r0, r0 +0x00010008: e1a00000 mov r0, r0 +0x0001000c: e1a00000 mov r0, r0 +0x00010010: e1a00000 mov r0, r0 +0x00010014: e1a00000 mov r0, r0 +0x00010018: e1a00000 mov r0, r0 +0x0001001c: e1a00000 mov r0, r0 +0x00010020: ea000005 b #0x1003c + +OUT: [size=52] + -- guest addr 0x00000000 + tb prologue +0x7fe434000340: 8b 5d f0 movl -0x10(%rbp), %ebx +0x7fe434000343: 85 db testl %ebx, %ebx +0x7fe434000345: 0f 8c 1d 00 00 00 jl 0x7fe434000368 + -- guest addr 0x00000020 +0x7fe43400034b: 8b 5d 3c movl 0x3c(%rbp), %ebx +0x7fe43400034e: 83 c3 3c addl $0x3c, %ebx +0x7fe434000351: 89 5d 3c movl %ebx, 0x3c(%rbp) +0x7fe434000354: 66 66 90 nop +0x7fe434000357: e9 00 00 00 00 jmp 0x7fe43400035c +0x7fe43400035c: 48 8d 05 1d ff ff ff leaq -0xe3(%rip), %rax +0x7fe434000363: e9 b0 fc ff ff jmp 0x7fe434000018 +0x7fe434000368: 48 8d 05 14 ff ff ff leaq -0xec(%rip), %rax +0x7fe43400036f: e9 a4 fc ff ff jmp 0x7fe434000018 +``` +Steps to reproduce: +1. Run the provided command line for any kernel / system image. (likely other architectures are affected as well) +2. Look into the debug log. +Additional information: +While looking if this was already reported I found #1528 and #1697 which could potentially caused by this. It might as well be just an oversight in the debug output. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1737444 b/results/classifier/deepseek-r1:32b/output/runtime/1737444 new file mode 100644 index 000000000..dd7ef2fd5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1737444 @@ -0,0 +1,96 @@ + + + +gccgo setcontext conftest crashes qemu-sh4 + +While testing gccgo on sh4 to add SH platform definitions to libgo, I discovered that the following conftest program which is part of the libgo configure script crashes on qemu-sh4: + +(sid-sh4-sbuild)root@z6:/# cat setcontext.c +#include <pthread.h> +#include <stdlib.h> +#include <ucontext.h> +#include <unistd.h> + +__thread int tls; + +static char stack[10 * 1024 * 1024]; +static ucontext_t c; + +/* Called via makecontext/setcontext. */ + +static void +cfn (void) +{ + exit (tls); +} + +/* Called via pthread_create. */ + +static void * +tfn (void *dummy) +{ + /* The thread should still see this value after calling + setcontext. */ + tls = 0; + + setcontext (&c); + + /* The call to setcontext should not return. */ + abort (); +} + +int +main () +{ + pthread_t tid; + + /* The thread should not see this value. */ + tls = 1; + + if (getcontext (&c) < 0) + abort (); + + c.uc_stack.ss_sp = stack; +#ifdef MAKECONTEXT_STACK_TOP + c.uc_stack.ss_sp += sizeof stack; +#endif + c.uc_stack.ss_flags = 0; + c.uc_stack.ss_size = sizeof stack; + c.uc_link = NULL; + makecontext (&c, cfn, 0); + + if (pthread_create (&tid, NULL, tfn, NULL) != 0) + abort (); + + if (pthread_join (tid, NULL) != 0) + abort (); + + /* The thread should have called exit. */ + abort (); +} + +(sid-sh4-sbuild)root@z6:/# gcc -o setcontext -lpthread setcontext.c +(sid-sh4-sbuild)root@z6:/# ./setcontext +Unhandled trap: 0x180 +pc=0x7f69235e sr=0x00000000 pr=0x00400710 fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0x7f658478 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0x7f692320 fpul=0x00000000 +r0=0x00e11158 r1=0x00000000 r2=0x00000001 r3=0x7ffff2e0 +r4=0x00e11068 r5=0x7ffff314 r6=0x7ffff31c r7=0x00000000 +r8=0x004007b0 r9=0x00000000 r10=0x00000000 r11=0x00000000 +r12=0x7f79ac54 r13=0x00000000 r14=0x7ffff288 r15=0x7ffff288 +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +(sid-sh4-sbuild)root@z6:/# + +The same code works fine on my Renesas SH7785LCR evaluation board: + +root@tirpitz:~> uname -a +Linux tirpitz 3.16.7-ckt7 #8 PREEMPT Fri Oct 21 18:47:41 CEST 2016 sh4a GNU/Linux +root@tirpitz:~> gcc -o setcontext setcontext.c -lpthread +root@tirpitz:~> ./setcontext +root@tirpitz:~> echo $? +0 +root@tirpitz:~> + +Due to this bug, it is not possible to compile gcc-7 with the Go frontend enabled on qemu-sh4. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1738545 b/results/classifier/deepseek-r1:32b/output/runtime/1738545 new file mode 100644 index 000000000..10955285a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1738545 @@ -0,0 +1,34 @@ + + + +Go binaries panic with "mmap errno 9" on qemu-user + +Go binaries panic with "mmap errno 9" on qemu-user. + +root@nofan:/# cat hello.go +package main + +import "fmt" + +func main() { + fmt.Println("hello world") +} +root@nofan:/# gccgo-7 hello.go -o hello +root@nofan:/# ./hello +mmap errno 9 +fatal error: mmap + +runtime stack: +mmap errno 9 +fatal error: mmap +panic during panic + +runtime stack: +mmap errno 9 +fatal error: mmap +stack trace unavailable +root@nofan:/# + +Tested with qemu from git master with Debian unstable for armel. + +Same binaries work fine on real hardware. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1740219 b/results/classifier/deepseek-r1:32b/output/runtime/1740219 new file mode 100644 index 000000000..9517dedf6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1740219 @@ -0,0 +1,62 @@ + + + +static linux-user ARM emulation has several-second startup time + +static linux-user emulation has several-second startup time + +My problem: I'm a Parabola packager, and I'm updating our +qemu-user-static package from 2.8 to 2.11. With my new +statically-linked 2.11, running `qemu-arm /my/arm-chroot/bin/true` +went from taking 0.006s to 3s! This does not happen with the normal +dynamically linked 2.11, or the old static 2.8. + +What happens is it gets stuck in +`linux-user/elfload.c:init_guest_space()`. What `init_guest_space` +does is map 2 parts of the address space: `[base, base+guest_size]` +and `[base+0xffff0000, base+0xffff0000+page_size]`; where it must find +an acceptable `base`. Its strategy is to `mmap(NULL, guest_size, +...)` decide where the first range is, and then check if that ++0xffff0000 is also available. If it isn't, then it starts trying +`mmap(base, ...)` for the entire address space from low-address to +high-address. + +"Normally," it finds an accaptable `base` within the first 2 tries. +With a static 2.11, it's taking thousands of tries. + +---- + +Now, from my understanding, there are 2 factors working together to +cause that in static 2.11 but not the other builds: + + - 2.11 increased the default `guest_size` from 0xf7000000 to 0xffff0000 + - PIE (and thus ASLR) is disabled for static builds + +For some reason that I don't understand, with the smaller +`guest_size` the initial `mmap(NULL, guest_size, ...)` usually +returns an acceptable address range; but larger `guest_size` makes it +consistently return a block of memory that butts right up against +another already mapped chunk of memory. This isn't just true on the +older builds, it's true with the 2.11 builds if I use the `-R` flag to +shrink the `guest_size` back down to 0xf7000000. That is with +linux-hardened 4.13.13 on x86-64. + +So then, it it falls back to crawling the entire address space; so it +tries base=0x00001000. With ASLR, that probably succeeds. But with +ASLR being disabled on static builds, the text segment is at +0x60000000; which is does not leave room for the needed +0xffff1000-size block before it. So then it tries base=0x00002000. +And so on, more than 6000 times until it finally gets to and passes +the text segment; calling mmap more than 12000 times. + +---- + +I'm not sure what the fix is. Perhaps try to mmap a continuous chunk +of size 0xffff1000, then munmap it and then mmap the 2 chunks that we +actually need. The disadvantage to that is that it does not support +the sparse address space that the current algorithm supports for +`guest_size < 0xffff0000`. If `guest_size < 0xffff0000` *and* the big +mmap fails, then it could fall back to a sparse search; though I'm not +sure the current algorithm is a good choice for it, as we see in this +bug. Perhaps it should inspect /proc/self/maps to try to find a +suitable range before ever calling mmap? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1741 b/results/classifier/deepseek-r1:32b/output/runtime/1741 new file mode 100644 index 000000000..64d3f1c15 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1741 @@ -0,0 +1,4 @@ + + + +95059f9c313a7fbd7f22e4cdc1977c0393addc7b breaks some 32bit architectures in linux-user on amd64 diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1748612 b/results/classifier/deepseek-r1:32b/output/runtime/1748612 new file mode 100644 index 000000000..3b01e0161 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1748612 @@ -0,0 +1,18 @@ + + + +qemu-user option -strace -D <file> doesn't work + +I have been trying to access qemu -strace output from a script +The main problem was it was on stderr, the strace output was merged with my program's stderr output. +Then I tried to use the -D option, to log the output to a file. +This didn't work even if the log file was created, but it was empty. + +I have looked at the source code and found the print function was not qemu_log with -strace but gemu_log (to be clear it was GEMU NOT QEMU) + + +I have then replaced all gemu_log by qemu_log removed declaration of gemu_log and recompiled, it seems to works just fine right now. + +removed declaration here and here: +https://github.com/qemu/qemu/blob/master/linux-user/main.c#L108 +https://github.com/qemu/qemu/blob/master/linux-user/qemu.h#L203 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1755 b/results/classifier/deepseek-r1:32b/output/runtime/1755 new file mode 100644 index 000000000..09f12d8e8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1755 @@ -0,0 +1,23 @@ + + + +qemu-arm fails to execute a cortex-M binary (page_set_flags: Assertion 'last <= GUEST_ADDR_MAX' failed.) +Description of problem: +I've noticed that qemu-arm (so linux-user mode) fails to execute a binary targeting cortex-M. This used to work until commit +"Make the commpage executable". +Steps to reproduce: +1. Compile a simple hello.c for arm-eabi. If you don't have such a toolchain, you can download one from https://developer.arm.com/downloads/-/arm-gnu-toolchain-downloads For instance https://developer.arm.com/-/media/Files/downloads/gnu/12.2.rel1/binrel/arm-gnu-toolchain-12.2.rel1-x86_64-arm-none-eabi.tar.xz (for an x86_64 linux host) + +2.# compile for cortex-m3: + +3. arm-none-eabi-gcc hello.c -o hello.exe.m3 -mcpu=cortex-m3 -specs=rdimon.specs + +4.qemu-arm -cpu cortex-m3 hello.exe.m3 +.....user-exec.c:492: page_set_flags: Assertion 'last <= GUEST_ADDR_MAX' failed. + +5. # compile for cortex-a9: + +6. arm-none-eabi-gcc hello.c -o hello.exe.a9 -mcpu=cortex-a9 -specs=rdimon.specs + +7. qemu-arm -cpu cortex-a9 hello.exe.a9 +Hello diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1756 b/results/classifier/deepseek-r1:32b/output/runtime/1756 new file mode 100644 index 000000000..cfe5b3d57 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1756 @@ -0,0 +1,46 @@ + + + +qemu8-user on Linux: SIGSEGV because brk(NULL) does not exist +Description of problem: +On Linux, the return value of the system call brk(NULL) need not point to a page that exists. +If so, then qemu8-user will generate SIGSEGV at the next call to brk() with a higher value, +because qemu8 believes that it should maintain contiguous .bss with bytes of value 0. +Thus qemu8-user so calls `memset(g2h_untagged(target_brk), 0, brk_page - target_brk); +in do_brk() at ../linux-user/syscall.c:867, and this generates SIGSEGV at +the non-existent page that covers brk(NULL). + +Instead, the safest thing to do is nothing at all. +Linux deliberately returns a random value for brk(NULL), subject to the conditions +that the value be at least as large as the maximum over all PT_LOAD of (.p_vaddr + .p_memsz), +and "somewhat near" that maximum. The purpose of randomness is to use variability +to interfere with effectiveness of malware, and to expose application coding errors +regarding brk() and sbrk(). If qemu-user wants to preserve contiguous .bss, +then qemu-user should call memset() only if the first page of the range exists. +(As explained in the next paragraph, "contiguous .bss" is a murky concept.) + +Linux itself is partly to blame, because it computes the maximum (.p_vaddr + .p_memsz) +over all the PT_LOAD of the most recent execve(). The most recent execve() seen by +Linux might have no relationship to the state of the address space at the time of +_either_ call to brk(). The app can do arbitrary mmap, munmap, mprotect at any time. +In particular, the run-time de-compressor of UPX does exactly that for a compressed +main program. The maximum computed by Linux is for the compressed program, +which has a different layout than the de-compressed program. + +There is a Linux system call prctl(PR_SET_MM_BRK, new_value) which sets a value +for "the brk", but that syscall tries to validate the new_value based on +the most recent execve(). Once again, that has no relationship to the current +layout of the address space produced by the UPX de-compressor. +Steps to reproduce: +1. build qemu8-x86_64 from +``` +commit fcb237e64f9d026c03d635579c7b288d0008a6e5 (HEAD -> master, origin/master, origin/HEAD) +Merge: 2ff49e96ac c00aac6f14 +Date: Mon Jul 10 09:17:06 2023 +0100 +``` +2. run `build/qemu-x86_64 -strace upx-4.0.2-amd64_linux/upx --version` where the upx +is from https://github.com/upx/upx/releases/download/v4.0.2/upx-4.0.2-amd64_linux.tar.xz +3. output ends with +``` +372621 close(3) = 0 +372621 munmap(0x0000004000803000,3055) = 0 diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1756519 b/results/classifier/deepseek-r1:32b/output/runtime/1756519 new file mode 100644 index 000000000..d6a31f730 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1756519 @@ -0,0 +1,49 @@ + + + +qemu linux-user crash in QOM path canonicalization during do_fork() call to cpu_create + +qemu-riscv64 version 2.11.50 (v2.11.0-2491-g2bb39a657a) crashes running gcc libgomp.c/sort-1.c testsuite test case with the following message: + +(process:11683): GLib-CRITICAL **: g_hash_table_iter_next: assertion 'ri->version == ri->hash_table->version' failed +** +ERROR:qom/object.c:1665:object_get_canonical_path_component: code should not be reached +qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x60139c16 + + +Backtrace obtained via gdb: + +#0 raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:51 +#1 0x0000000060139b21 in abort () at abort.c:79 +#2 0x0000000060100505 in g_assertion_message (domain=domain@entry=0x0, file=file@entry=0x60213ca1 "qom/object.c", line=line@entry=1665, + func=func@entry=0x60214420 <__func__.18106> "object_get_canonical_path_component", message=message@entry=0x7fffe8000cd0 "code should not be reached") + at gtestutils.c:2430 +#3 0x0000000060100586 in g_assertion_message_expr (domain=0x0, file=0x60213ca1 "qom/object.c", line=1665, + func=0x60214420 <__func__.18106> "object_get_canonical_path_component", expr=<optimized out>) at gtestutils.c:2453 +#4 0x0000000060098334 in object_get_canonical_path_component (obj=0x7fffe81340b0) at qom/object.c:1665 +#5 0x0000000060098366 in object_get_canonical_path (obj=0x7fffe81340b0) at qom/object.c:1675 +#6 0x000000006008e152 in device_set_realized (obj=0x7fffe81340b0, value=true, errp=0x7ffff762fe68) at hw/core/qdev.c:874 +#7 0x0000000060098bf4 in property_set_bool (obj=0x7fffe81340b0, v=0x7fffe80fd3c0, name=0x60213694 "realized", opaque=0x7fffe80fd140, errp=0x7ffff762fe68) + at qom/object.c:1926 +#8 0x0000000060096fee in object_property_set (obj=0x7fffe81340b0, v=0x7fffe80fd3c0, name=0x60213694 "realized", errp=0x7ffff762fe68) at qom/object.c:1122 +#9 0x0000000060099ebd in object_property_set_qobject (obj=0x7fffe81340b0, value=0x7fffe80fd310, name=0x60213694 "realized", errp=0x7ffff762fe68) + at qom/qom-qobject.c:27 +#10 0x0000000060097274 in object_property_set_bool (obj=0x7fffe81340b0, value=true, name=0x60213694 "realized", errp=0x7ffff762fe68) at qom/object.c:1191 +#11 0x0000000060092ec5 in cpu_create (typename=0x6250e1a0 "any-riscv-cpu") at qom/cpu.c:61 +#12 0x000000006009301a in cpu_generic_init (typename=0x601dd58f "riscv-cpu", cpu_model=0x601dd527 "any") at qom/cpu.c:98 +#13 0x000000006004cb61 in cpu_copy (env=0x7ffff008cd60) at /opt/qemu/linux-user/main.c:3881 +#14 0x000000006005b79a in do_fork (env=0x7ffff008cd60, flags=4001536, newsp=275531880704, parent_tidptr=275531882704, newtls=275531884288, + child_tidptr=275531882704) at /opt/qemu/linux-user/syscall.c:6348 +#15 0x0000000060063e56 in do_syscall (cpu_env=0x7ffff008cd60, num=220, arg1=4001536, arg2=275531880704, arg3=275531882704, arg4=275531884288, + arg5=275531882704, arg6=275531884288, arg7=0, arg8=0) at /opt/qemu/linux-user/syscall.c:10001 +#16 0x000000006004c89f in cpu_loop (env=0x7ffff008cd60) at /opt/qemu/linux-user/main.c:3600 +#17 0x000000006005b68f in clone_func (arg=0x7ffff7775050) at /opt/qemu/linux-user/syscall.c:6311 +#18 0x0000000060121797 in start_thread (arg=0x7ffff7632700) at pthread_create.c:463 +#19 0x000000006019b4fb in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 + + +Attached is a test case source code extracted from libgomp test suite. + +Note that it is a multi-threaded and requires 5 or more threads to fail. Number of launched threads is controlled by OMP_NUM_THREADS evironment variable, defaulting to number of hardware threads. Changing constants in the test case makes it fail with different numbers of threads. + +I will attach statically linked riscv64 binary executable if size limits permit. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1756807 b/results/classifier/deepseek-r1:32b/output/runtime/1756807 new file mode 100644 index 000000000..3ab520168 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1756807 @@ -0,0 +1,70 @@ + + + +performance regression in qemu-user + proot + +To reproduce: + +1. Install qemu-user-static and proot +2. Enter some arm chroot using them: + + proot -0 -q qemu-arm-static -w / -r chroot/ /bin/bash + +3. Run a command which normally takes a short but measurable amount of time: + + cd /usr/share/doc && time grep -R hello + +Result: + +This is over 100 times slower on 18.04 than it was on 16.04. I am not sure if proot or qemu is causing the problem, but proot version has not changed. Also note that on 16.04 I am using the cloud repo version of qemu, which is newer than 16.04 stock, but still older than 18.04. + +Although system 2 is lower spec than system 1, it should not be this much slower. No other software seems to be affected. + +If required I can supply a chroot tarball. It is essentially just a Debian bootstrap though. + +Logs: + + + +System 1: i7-6700 3.4GHz, 32GB RAM, 512GB Crucial MX100 SSD, Ubuntu 16.04 +qemu-arm version 2.10.1(Debian 1:2.10+dfsg-0ubuntu3.4~cloud0) +proot 5.1.0 + +al@al-desktop:~/rpi-ramdisk/raspbian$ proot -0 -q qemu-arm-static -w / -r root/ /bin/bash +root@al-desktop:/# cd /usr/share/doc +root@al-desktop:/usr/share/doc# time grep -R hello +dash/copyright:Debian GNU/Linux hello source package as the file COPYING. If not, + +real 0m0.066s +user 0m0.040s +sys 0m0.008s + + + + + +System 2: i5-5300U 2.30GHz, 8GB RAM, 256GB Crucial MX300 SSD, Ubuntu 18.04 +qemu-arm version 2.11.1(Debian 1:2.11+dfsg-1ubuntu4) +proot 5.1.0 + +al@al-thinkpad:~/rpi-ramdisk/raspbian$ proot -0 -q qemu-arm-static -w / -r root/ /bin/bash +root@al-thinkpad:/# cd /usr/share/doc +root@al-thinkpad:/usr/share/doc# time grep -R hello +dash/copyright:Debian GNU/Linux hello source package as the file COPYING. If not, + +real 0m24.176s +user 0m0.366s +sys 0m11.352s + +ProblemType: Bug +DistroRelease: Ubuntu 18.04 +Package: qemu (not installed) +ProcVersionSignature: Ubuntu 4.15.0-12.13-generic 4.15.7 +Uname: Linux 4.15.0-12-generic x86_64 +ApportVersion: 2.20.8-0ubuntu10 +Architecture: amd64 +Date: Mon Mar 19 07:13:25 2018 +InstallationDate: Installed on 2018-03-18 (0 days ago) +InstallationMedia: Xubuntu 18.04 LTS "Bionic Beaver" - Alpha amd64 (20180318) +SourcePackage: qemu +UpgradeStatus: No upgrade log present (probably fresh install) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1756927 b/results/classifier/deepseek-r1:32b/output/runtime/1756927 new file mode 100644 index 000000000..7ad0a2c7f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1756927 @@ -0,0 +1,21 @@ + + + +ARMv7 LPAE: IFSR doesn't have the LPAE bit in case of BKPT + +When a user application triggers a 'bkpt' instruction while LPAE is used, the bit [9] of IFSR is not correctly set during the prefetch abort exception. + +You'll find attached a minimal example to reproduce the issue (just run 'make all'). +The output I get is: + +supervisor +user +prefetch +short-descriptor + +The last entry should read 'long-descriptor'. + + +Qemu revision: 48ae1f60d8c9a770e6da64407984d84e25253c69 +Ubuntu verison: 16.04 LTS +Cross Compiler: gcc linaro 6.3.1-2017.02-x86_64_arm-eabi \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1761401 b/results/classifier/deepseek-r1:32b/output/runtime/1761401 new file mode 100644 index 000000000..fc9257bd5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1761401 @@ -0,0 +1,13 @@ + + + +ARM/Neon: vcvt rounding error + +Hello, + +While using QEMU commit 47d3b60858d90ac8a0cc3a72af7f95c96781125a (March 28, 2018), I've noticed failures in one of the GCC ARM/Neon tests. The test passes on hardware, and with QEMU-2.11.0, so it looks like a recent regression. + +The test builds a vector of 4 float32 with "125.9" as value, then converts them to 4 uint32_t. +The expected result is 125, but we get 126 instead. + +Maybe it's just a matter of default rounding mode? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1761535 b/results/classifier/deepseek-r1:32b/output/runtime/1761535 new file mode 100644 index 000000000..38a8d1bb9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1761535 @@ -0,0 +1,39 @@ + + + +qemu-aarch64-static docker arm64v8/openjdk coredump + +I am using qemu-aarch64-static to run the arm64v8/openjdk official image on my x86 machine. Using QEMU master, I immediately hit a bug which hangs the container. With Ubuntu default version qemu-aarch64 version 2.5.0 (Debian 1:2.5+dfsg-5ubuntu10.24) and qemu-aarch64 version 2.11.1 (v2.11.1-dirty) the hang does not take place. + +To reproduce (and get to the core dump): + +$ /tmp/tmptgyg3nvh/qemu-aarch64-static/qemu-aarch64-static -version +qemu-aarch64 version 2.11.91 (v2.12.0-rc1-5-g47d3b60-dirty) +Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers + +$ docker run -it -v /tmp/tmptgyg3nvh/qemu-aarch64-static:/usr/bin/qemu-aarch64-static arm64v8/openjdk /bin/bash +root@bf75cf45d311:/# javac +Usage: javac <options> <source files> +where possible options include: + -g Generate all debugging info +<...snip...> + @<filename> Read options and filenames from file + +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +...TERMINAL HANGS... + + +To get the core dump, In a separate terminal: + +# snapshot the file system of the hung image +$ docker commit $(docker ps -aqf "name=latest_qemu") qemu_coredump + +# connect with known working qemu +$ docker run -t -v /usr/bin/qemu-aarch64-static:/usr/bin/qemu-aarch64-static -i qemu_coredump /bin/bash + +$$ ls -lat +total 10608 +<snip> +-rw-r--r-- 1 root root 10792960 Mar 29 18:02 qemu_bash_20180329-180251_1.core +drwxrwxrwt 5 root root 4096 Mar 29 18:02 tmp +<snip> \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1763 b/results/classifier/deepseek-r1:32b/output/runtime/1763 new file mode 100644 index 000000000..ed6bf63e6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1763 @@ -0,0 +1,15 @@ + + + +ldd fails with qemu-aarch64 +Description of problem: +see the original issue for full details https://github.com/multiarch/qemu-user-static/issues/172 +Steps to reproduce: +1. docker run --rm -it arm64v8/ubuntu:16.04 ldd /bin/ls + +Also possible on other newer OSs (eg: Ubuntu:18.04) with different compiled binaries. +Additional information: +``` +WARNING: The requested image's platform (linux/arm64/v8) does not match the detected host platform (linux/amd64) and no specific platform was requested +ldd: exited with unknown exit code (139) +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1765970 b/results/classifier/deepseek-r1:32b/output/runtime/1765970 new file mode 100644 index 000000000..627353f18 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1765970 @@ -0,0 +1,64 @@ + + + +qemu-arm (user mode) segfaults in uclibc-ng chroot after upgrade to 2.11.x + +I use a qemu-user chroot + binfmt to build software targetting a raspberry pi. After upgrading from qemu-2.10.1 to 2.11.1 (Gentoo host), I noticed that on my uclibc-ng chroot qemu-arm will segfault when running python and importing the portage module. + +I have bisected qemu down to this commit: + +https://github.com/qemu/qemu/commit/18e80c55bb6ec17c05ec0ba717ec83933c2bfc07 + +If I recompile and change MAX_RESERVED_VA (from the above commit) back to 0x77000000 the problem goes away. NB I have no idea what that does, I just thought I'd see. + + +Other arm chroots (glibc, musl) do not segfault with qemu-2.11, only the uclibc-ng one. Not sure why. + + +The following backtrace was generated from running qemu-arm in gdb and recreating the segfault: + +(gdb) where +#0 0x0000000060726046 in static_code_gen_buffer () +#1 0x0000000060048789 in cpu_tb_exec (cpu=0x6278e310, + itb=0x60725f80 <static_code_gen_buffer+314624>) + at /usr/src/debug/app-emulation/qemu-2.11.1-r2/qemu-2.11.1/accel/tcg/cpu-exec.c:167 +#2 0x000000006004937f in cpu_loop_exec_tb (cpu=0x6278e310, + tb=0x60725f80 <static_code_gen_buffer+314624>, last_tb=0x7fffffffd138, + tb_exit=0x7fffffffd130) + at /usr/src/debug/app-emulation/qemu-2.11.1-r2/qemu-2.11.1/accel/tcg/cpu-exec.c:627 +#3 0x0000000060049600 in cpu_exec (cpu=0x6278e310) + at /usr/src/debug/app-emulation/qemu-2.11.1-r2/qemu-2.11.1/accel/tcg/cpu-exec.c:736 +#4 0x00000000600511c3 in cpu_loop (env=0x627965b0) + at /usr/src/debug/app-emulation/qemu-2.11.1-r2/qemu-2.11.1/linux-user/main.c:585 +#5 0x00000000600534eb in main (argc=4, argv=0x7fffffffd9b8, + envp=0x7fffffffd9e0) + at /usr/src/debug/app-emulation/qemu-2.11.1-r2/qemu-2.11.1/linux-user/main.c:4882 + + + +(gdb) info reg +rax 0x627965b0 1652123056 +rbx 0x62717870 1651603568 +rcx 0x606da000 1617797120 +rdx 0x60726000 1618108416 +rsi 0x60726000 1618108416 +rdi 0x627965b0 1652123056 +rbp 0x7fffffffd0c0 0x7fffffffd0c0 +rsp 0x7fffffffd080 0x7fffffffd080 +r8 0x0 0 +r9 0x2 2 +r10 0x0 0 +r11 0x629280a0 1653768352 +r12 0x60260e40 1613106752 +r13 0x0 0 +r14 0x606a5018 1617580056 +r15 0x0 0 +rip 0x60048789 0x60048789 <cpu_tb_exec+266> +eflags 0x10282 [ SF IF RF ] +cs 0x33 51 +ss 0x2b 43 +ds 0x0 0 +es 0x0 0 +fs 0x0 0 +gs 0x0 0 +(gdb) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1768 b/results/classifier/deepseek-r1:32b/output/runtime/1768 new file mode 100644 index 000000000..3b1bd6194 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1768 @@ -0,0 +1,35 @@ + + + +Could not allocate more than ~2GB with qemu-user +Description of problem: +On qemu-user, failed to allocate more than about 2GB on 32bit platform supporting up to 4GB (arm, ppc, etc.) +Steps to reproduce: +1. Try to allocate more than 2GB [e.g. for(i=0;i<64;i++) if(malloc(64*1024*1024)==NULL) perror("Failed to allocate 64MB");] +2. Only 1 64MB chunck is allocated in the upper 2GB memory space +3. Failed to allocate after about 2GB. +Additional information: +The problem is in **pageflags_find** and **pageflags_next** functions (found in _accel/tcg/user-exec.c_) 3rd parameters, that should be **target_ulong** instead of incorrect _target_long_ (the parameter will be converted signed extended to uint64_t). +The testing program is the following: +``` +#include <stdio.h> +#include <stdlib.h> + +int main(int argc,char *argv[]) { + unsigned int a; + unsigned int i; + char *al; + unsigned int sss=1U*1024*1024*64; + for(a=0;a<128;a++) { + al=malloc(sss); + if(al!=NULL) { + printf("ALLOC OK %u (%08lX)!\n",sss*(a+1),al); + } + else { + printf("Cannot alloc %d\n",(a+1)*sss); + perror("Cannot alloc"); + exit(1); + } + } +} +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1768246 b/results/classifier/deepseek-r1:32b/output/runtime/1768246 new file mode 100644 index 000000000..70b9b9230 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1768246 @@ -0,0 +1,16 @@ + + + +cpu-exec.c:648: cpu_loop_exec_tb: Assertion `use_icount' failed. + +OpenJDK no longer works on qemu-sh4, it previously did after #1735384 was fixed. + +Crash indicates an assertion failure: + +(sid-sh4-sbuild)root@nofan:/# java --version +qemu-sh4-static: /root/qemu/accel/tcg/cpu-exec.c:648: cpu_loop_exec_tb: Assertion `use_icount' failed. +qemu: uncaught target signal 6 (Aborted) - core dumped +Aborted +(sid-sh4-sbuild)root@nofan:/# + +Haven't bi-sected the issue yet, but will do so later. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1773743 b/results/classifier/deepseek-r1:32b/output/runtime/1773743 new file mode 100644 index 000000000..d98167cc5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1773743 @@ -0,0 +1,24 @@ + + + +qemu-user -g xxx -E LD_PROFILE=xxx segfault + +Here is two simple steps to reproduce the bug: + +$ qemu-x86_64 -E LD_PROFILE=libc.so.6 -E LD_PROFILE_OUTPUT=. -g 12345 -L / /bin/ls + +(libc.so and /bin/ls might change on your system, in this case we just need a binary with a profilable needed library) + +In a other window launch: + +$ gdb +(gdb) target remote :12345 +(gdb) c + +At this point qemu will segfault. + +It seems this problem is appends when sigprof passed to gdb. +One way I have found to bypass this: +patch gdbstub.c gdb_handlesig and ignore sig if +sig == TARGET_SIGPROF +(which means now I can't catch sigprof on gdb anymore) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1774149 b/results/classifier/deepseek-r1:32b/output/runtime/1774149 new file mode 100644 index 000000000..55ffb3347 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1774149 @@ -0,0 +1,79 @@ + + + +qemu-user x86_64 x86 gdb call function from gdb doesn't work + +While running qemu user x86_64 x86 with gdb server, calling functions are not working. + +Here is how to reproduce it: + +run in a terminal: +$ qemu-x86_64 -g 12345 -L / /bin/ls + +In another terminal run gdb: +(gdb) file /bin/ls +(gdb) target remote :12345 +(gdb) b _init +(gdb) c +(gdb) call malloc(1) +Could not fetch register "fs_base"; remote failure reply 'E14' + +In other cases we also got the error: +Could not fetch register "orig_rax"; remote failure reply 'E14' + +Here is how I patched it (it is only a workaround): + +diff --git a/gdbstub.c b/gdbstub.c +index 2a94030..5749efe 100644 +--- a/gdbstub.c ++++ b/gdbstub.c +@@ -668,6 +668,11 @@ static int gdb_read_register(CPUState *cpu, uint8_t *mem_buf, int reg) + return r->get_reg(env, mem_buf, reg - r->base_reg); + } + } ++#ifdef TARGET_X86_64 ++ return 8; ++#elif TARGET_I386 ++ return 4; ++#endif + return 0; + } + +(Our guess for this issue was, gdb is requesting for 'fake' registers to know register size) + +Once we patched that, we got another problem while calling functions from gdb: We could call functions, but only once. + +Here is how to reproduce it: +run in a terminal: +$ qemu-x86_64 -g 12345 -L / /bin/ls + +In another terminal run gdb: +(gdb) file /bin/ls +(gdb) target remote :12345 +(gdb) b _init +(gdb) c +(gdb) call malloc(1) +$1 = (void *) 0x620010 +(gdb) call malloc(1) +Cannot access memory at address 0x40007ffb8f + +Here is how we patched it to make it work: + +diff --git a/exec.c b/exec.c +index 03238a3..d303922 100644 +--- a/exec.c ++++ b/exec.c +@@ -2833,7 +2833,7 @@ int cpu_memory_rw_debug(CPUState *cpu, target_ulong addr, + if (!(flags & PAGE_VALID)) + return -1; + if (is_write) { +- if (!(flags & PAGE_WRITE)) ++ if (!(flags & (PAGE_WRITE | PAGE_WRITE_ORG))) + return -1; + /* XXX: this code should not depend on lock_user */ + if (!(p = lock_user(VERIFY_WRITE, addr, l, 0))) + +From what we saw, there is a page which is passed to read-only after first execution, and gdb need to write on that page to put a breakpoint. (on the stack) + +We suspect this is linked to this: +https://qemu.weilnetz.de/w64/2012/2012-06-28/qemu-tech.html#Self_002dmodifying-code-and-translated-code-invalidation \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1777226 b/results/classifier/deepseek-r1:32b/output/runtime/1777226 new file mode 100644 index 000000000..7b39dace9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1777226 @@ -0,0 +1,18 @@ + + + +qemu-user warnings confuse userland applications + +I recently observed that warning messages emitted by qemu-user can confuse applications when reading from stdout/stderr. This was observed with the configure script of OpenJDK-11 on qemu-sh4: + +configure: Found potential Boot JDK using configure arguments +configure: Potential Boot JDK found at /usr/lib/jvm/java-10-openjdk-sh4 is incorrect JDK version (qemu: Unsupported syscall: 318); ignoring +configure: (Your Boot JDK version must be one of: 10 11) +configure: error: The path given by --with-boot-jdk does not contain a valid Boot JDK +configure exiting with result code 1 + +See: https://buildd.debian.org/status/fetch.php?pkg=openjdk-11&arch=sh4&ver=11%7E18-1&stamp=1529119043&raw=0 + +Commenting out the line of code which emits the warning fixes the problem for me and the configure script finishes without problems. + +Thus, qemu should be modified to avoid cluttering stdout or stderr with its own messages and rather send those warnings to a log file or similar. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1779 b/results/classifier/deepseek-r1:32b/output/runtime/1779 new file mode 100644 index 000000000..3264198e0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1779 @@ -0,0 +1,33 @@ + + + +PowerPC AltiVec source vector subnormal values are not flushed to zero +Description of problem: +AltiVec specifies that source and result vectors are flushed to zero (in NJ mode). Only result vectors are flushed to zero. +Steps to reproduce: +1. Compile the attached Rust program (e.g. `cargo +nightly build --target powerpc-unknown-linux-gnu`) +2. Run the program and expect assertions to pass. +3. See assertions fail. +Additional information: +See the offending Rust program: + +``` +#![feature(stdsimd, powerpc_target_feature)] + +use std::arch::powerpc::*; + +#[target_feature(enable = "altivec")] +unsafe fn add(x: f32, y: f32) -> f32 { + let array: [f32; 4] = unsafe { std::mem::transmute(vec_add(vec_splats(x), vec_splats(y))) }; + array[0] +} + +pub fn main() { + let result = unsafe { add(-1.0857398e-38, 0.) }; + assert_eq!(result, 0.); + + // if the input is flushed, the result will be +0 + // if only the output is flushed, the result is -0 + assert!(result.is_sign_positive()); +} +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1779634 b/results/classifier/deepseek-r1:32b/output/runtime/1779634 new file mode 100644 index 000000000..c2c447e8a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1779634 @@ -0,0 +1,38 @@ + + + +qemu-x86_64 on aarch64 reports "Synchronous External Abort" + +Purpose: to run x86_64 utilities on aarch64 platform (Intel/Dell network adapters' firmware upgrade tools) +System: aarch64 server platform, with ubuntu 16.04 (xenial) Linux 4.13.0-45-generic #50~16.04.1-Ubuntu SMP Wed May 30 11:14:25 UTC 2018 aarch64 aarch64 aarch64 GNU/Linux + +Reproduce: +1) build linux-user qemu-x86_64 static from source (tried both version 1.12.0 & 1.11.02) + ./configure --target-list=x86_64-linux-user --disable-system --static --enable-linux-user + +2) install the interpreter into binfmt_misc filesystem + $ cat /proc/sys/fs/binfmt_misc/qemu-x86_64 + enabled + interpreter /usr/local/bin/qemu-x86_64 + flags: + offset 0 + magic 7f454c4602010100000000000000000002003e00 + mask fffffffffffefefcfffffffffffffffffeffffff + +3) packaging Intel/Dell upgrade utilities into docker images, I've published two on docker hub: + REPOSITORY TAG IMAGE ID CREATED SIZE + heyi/dellupdate latest 8e013f5511cd 6 hours ago 210MB + heyi/nvmupdate64e latest 9d2de9d0edaa 3 days ago 451MB + +4) run the docker container on aarch64 server platform: + docker run -it --privileged --network host --volume /usr/local/bin/qemu-x86_64:/usr/local/bin/qemu-x86_64 heyi/dellupdate:latest + +5) finally, within docker container run the upgrade tool: + # ./Network_Firmware_T6VN9_LN_18.5.17_A00.BIN + +Errors: in dmesg it reports excessive 'Synchronous External Abort': + +kernel: [242850.159893] Synchronous External Abort: synchronous external abort (0x92000610) at 0x0000000000429958 +kernel: [242850.169199] Unhandled fault: synchronous external abort (0x92000610) at 0x0000000000429958 + +thanks and best regards, Yi \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1785734 b/results/classifier/deepseek-r1:32b/output/runtime/1785734 new file mode 100644 index 000000000..1346c5a11 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1785734 @@ -0,0 +1,78 @@ + + + +movdqu partial write at page boundary + +In TCG mode, when a 16-byte write instruction (such as movdqu) is executed at a page boundary and causes a page fault, a partial write is executed in the first page. See the attached code for an example. + +Tested on the qemu-3.0.0-rc1 release. + + +% gcc -m32 qemu-bug2.c && ./a.out && echo && qemu-i386 ./a.out +*(0x70000ff8+ 0) = aa +*(0x70000ff8+ 1) = aa +*(0x70000ff8+ 2) = aa +*(0x70000ff8+ 3) = aa +*(0x70000ff8+ 4) = aa +*(0x70000ff8+ 5) = aa +*(0x70000ff8+ 6) = aa +*(0x70000ff8+ 7) = aa +*(0x70000ff8+ 8) = 55 +*(0x70000ff8+ 9) = 55 +*(0x70000ff8+10) = 55 +*(0x70000ff8+11) = 55 +*(0x70000ff8+12) = 55 +*(0x70000ff8+13) = 55 +*(0x70000ff8+14) = 55 +*(0x70000ff8+15) = 55 +page fault: addr=0x70001000 err=0x7 +*(0x70000ff8+ 0) = aa +*(0x70000ff8+ 1) = aa +*(0x70000ff8+ 2) = aa +*(0x70000ff8+ 3) = aa +*(0x70000ff8+ 4) = aa +*(0x70000ff8+ 5) = aa +*(0x70000ff8+ 6) = aa +*(0x70000ff8+ 7) = aa +*(0x70000ff8+ 8) = 55 +*(0x70000ff8+ 9) = 55 +*(0x70000ff8+10) = 55 +*(0x70000ff8+11) = 55 +*(0x70000ff8+12) = 55 +*(0x70000ff8+13) = 55 +*(0x70000ff8+14) = 55 +*(0x70000ff8+15) = 55 + +*(0x70000ff8+ 0) = aa +*(0x70000ff8+ 1) = aa +*(0x70000ff8+ 2) = aa +*(0x70000ff8+ 3) = aa +*(0x70000ff8+ 4) = aa +*(0x70000ff8+ 5) = aa +*(0x70000ff8+ 6) = aa +*(0x70000ff8+ 7) = aa +*(0x70000ff8+ 8) = 55 +*(0x70000ff8+ 9) = 55 +*(0x70000ff8+10) = 55 +*(0x70000ff8+11) = 55 +*(0x70000ff8+12) = 55 +*(0x70000ff8+13) = 55 +*(0x70000ff8+14) = 55 +*(0x70000ff8+15) = 55 +page fault: addr=0x70001000 err=0x6 +*(0x70000ff8+ 0) = 77 +*(0x70000ff8+ 1) = 66 +*(0x70000ff8+ 2) = 55 +*(0x70000ff8+ 3) = 44 +*(0x70000ff8+ 4) = 33 +*(0x70000ff8+ 5) = 22 +*(0x70000ff8+ 6) = 11 +*(0x70000ff8+ 7) = 0 +*(0x70000ff8+ 8) = 55 +*(0x70000ff8+ 9) = 55 +*(0x70000ff8+10) = 55 +*(0x70000ff8+11) = 55 +*(0x70000ff8+12) = 55 +*(0x70000ff8+13) = 55 +*(0x70000ff8+14) = 55 +*(0x70000ff8+15) = 55 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1793539 b/results/classifier/deepseek-r1:32b/output/runtime/1793539 new file mode 100644 index 000000000..9b541f405 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1793539 @@ -0,0 +1,12 @@ + + + +qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x6003ddc5 + +During the build of gedit for RISC-V this error occurs: + +$ qemu-riscv64 -E LD_LIBRARY_PATH=gedit/.libs ./gedit/.libs/gedit +qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x6003ddc5 +qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x600009e4 + +https://build.opensuse.org/package/live_build_log/openSUSE:Factory:RISCV/gedit/standard/riscv64 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1796520 b/results/classifier/deepseek-r1:32b/output/runtime/1796520 new file mode 100644 index 000000000..73bbb8c49 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1796520 @@ -0,0 +1,39 @@ + + + +autogen crashes on qemu-sh4-user after 61dedf2af7 + +Running "autogen --help" crashes on qemu-sh4-user with: + +(sid-sh4-sbuild)root@nofan:/# autogen --help +Unhandled trap: 0x180 +pc=0xf64dd2de sr=0x00000000 pr=0xf63b9c74 fpscr=0x00080000 +spc=0x00000000 ssr=0x00000000 gbr=0xf61102a8 vbr=0x00000000 +sgr=0x00000000 dbr=0x00000000 delayed_pc=0xf64dd2a0 fpul=0x00000003 +r0=0xf6fc1320 r1=0x00000000 r2=0xffff5dc4 r3=0xf67bfb50 +r4=0xf6fc1230 r5=0xf6fc141c r6=0x000003ff r7=0x00000000 +r8=0x00000004 r9=0xf63e20bc r10=0xf6fc141c r11=0xf63e28f0 +r12=0xf63e2258 r13=0xf63eae1c r14=0x00000804 r15=0xf6fc1220 +r16=0x00000000 r17=0x00000000 r18=0x00000000 r19=0x00000000 +r20=0x00000000 r21=0x00000000 r22=0x00000000 r23=0x00000000 +(sid-sh4-sbuild)root@nofan:/# + +Bi-secting found this commit to be the culprit: + +61dedf2af79fb5866dc7a0f972093682f2185e17 is the first bad commit +commit 61dedf2af79fb5866dc7a0f972093682f2185e17 +Author: Richard Henderson <email address hidden> +Date: Tue Jul 18 10:02:50 2017 -1000 + + target/sh4: Add missing FPSCR.PR == 0 checks + + Both frchg and fschg require PR == 0, otherwise undefined_operation. + + Reviewed-by: Aurelien Jarno <email address hidden> + Signed-off-by: Richard Henderson <email address hidden> + Message-Id: <email address hidden> + Signed-off-by: Aurelien Jarno <email address hidden> + +:040000 040000 980d79b69ae712f23a1e4c56983e97a843153b4a 1024c109f506c7ad57367c63bc8bbbc8a7a36cd7 M target + +Reverting 61dedf2af79fb5866dc7a0f972093682f2185e17 fixes the problem for me. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1798 b/results/classifier/deepseek-r1:32b/output/runtime/1798 new file mode 100644 index 000000000..4d67e4936 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1798 @@ -0,0 +1,4 @@ + + + +conversions of malloc/calloc/free to g_malloc/g_new/g_free etc diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1799200 b/results/classifier/deepseek-r1:32b/output/runtime/1799200 new file mode 100644 index 000000000..4048274d2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1799200 @@ -0,0 +1,43 @@ + + + +null pointer dereference in tcg_emit_op + +I am insert a custom tcg helper function in i386_tr_insn_start for trace the instructions. + +most of time the qemu runed ok ,but when execute some special software will lead to crash. + + +the below is the insert code: +======================================================================================= + + 8514 static void i386_tr_insn_start(DisasContextBase *dcbase, CPUState *cpu) + 8515 { + 8516 DisasContext *dc = container_of(dcbase, DisasContext, base); + 8517 TCGv_ptr ptr= tcg_const_ptr((void*)cpu); // inserted hepler code + 8518 gen_helper_mad_exec(ptr);// insert helper code + 8519 tcg_gen_insn_start(dc->base.pc_next, dc->cc_op); + 8520 } +====================================================================================== + +below is the callstack + +#0 0x000055555581df5e in tcg_emit_op (opc=opc@entry=INDEX_op_movi_i64) at /root/qemu/tcg/tcg.c:2205 +#1 0x0000555555825911 in tcg_gen_op2 (opc=opc@entry=INDEX_op_movi_i64, a1=140734736923704, a2=a2@entry=792) at /root/qemu/tcg/tcg-op.c:53 +#2 0x000055555581d713 in tcg_const_i64 (opc=INDEX_op_movi_i64, a2=792, a1=0x7378) at /root/qemu/tcg/tcg-op.h:109 +#3 0x000055555581d713 in tcg_const_i64 (arg=792, ret=<optimized out>) at /root/qemu/tcg/tcg-op.h:579 +#4 0x000055555581d713 in tcg_const_i64 (val=val@entry=792) at /root/qemu/tcg/tcg.c:1314 +#5 0x000055555582732d in tcg_gen_addi_i64 (ret=0xd18, arg1=0x378, arg2=arg2@entry=792) at /root/qemu/tcg/tcg-op.c:1200 +#6 0x000055555590ffaf in gen_sse (b=792, a=<optimized out>, r=<optimized out>) at /root/qemu/tcg/tcg-op.h:1258 +#7 0x000055555590ffaf in gen_sse (env=env@entry=0x5555567424d0, s=s@entry=0x7fffea99a610, b=b@entry=366, pc_start=pc_start@entry=4513509698, rex_r=rex_r@entry=0) at /root/qemu/target/i386/translate.c:3150 +#8 0x0000555555911d7f in disas_insn (s=s@entry=0x7fffea99a610, cpu=<optimized out>) at /root/qemu/target/i386/translate.c:8336 +#9 0x00005555559207a0 in i386_tr_translate_insn (dcbase=0x7fffea99a610, cpu=<optimized out>) at /root/qemu/target/i386/translate.c:8543 +#10 0x0000555555892649 in translator_loop (ops=0x55555622dee0 <i386_tr_ops>, db=0x7fffea99a610, cpu=0x55555673a220, tb=<optimized out>) at /root/qemu/accel/tcg/translator.c:110 +#11 0x00005555559209ef in gen_intermediate_code (cpu=cpu@entry=0x55555673a220, tb=tb@entry=0x7fff70682040 <code_gen_buffer+208150547>) at /root/qemu/target/i386/translate.c:8605 +#12 0x0000555555891437 in tb_gen_code (cpu=cpu@entry=0x55555673a220, pc=pc@entry=4513506448, cs_base=cs_base@entry=0, flags=flags@entry=4244147, cflags=cflags@entry=0) at /root/qemu/accel/tcg/translate-all.c:1728 +#13 0x000055555588f97b in cpu_exec (cf_mask=0, tb_exit=0, last_tb=0x0, cpu=0x0) at /root/qemu/accel/tcg/cpu-exec.c:410 +#14 0x000055555588f97b in cpu_exec (cpu=cpu@entry=0x55555673a220) at /root/qemu/accel/tcg/cpu-exec.c:734 +#15 0x000055555584b152 in tcg_cpu_exec (cpu=0x55555673a220) at /root/qemu/cpus.c:1405 +#16 0x000055555584d1b8 in qemu_tcg_rr_cpu_thread_fn (arg=<optimized out>) at /root/qemu/cpus.c:1505 +#17 0x00007ffff2585e25 in start_thread () at /lib64/libpthread.so.0 +#18 0x00007ffff22afbad in clone () at /lib64/libc.so.6 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1805 b/results/classifier/deepseek-r1:32b/output/runtime/1805 new file mode 100644 index 000000000..970804b2f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1805 @@ -0,0 +1,69 @@ + + + +build-user-hexagon CI job is not actually testing hexagon +Description of problem: +Look at the output from the `build-user-hexagon` CI job and see what compiler meson reports it is using: + + https://gitlab.com/qemu-project/qemu/-/jobs/4790457871 + +``` +Project name: qemu +Project version: 8.0.91 +C compiler for the host machine: cc -m64 -mcx16 (gcc 10.2.1 "cc (Debian 10.2.1-6) 10.2.1 20210110") +C linker for the host machine: cc -m64 -mcx16 ld.bfd 2.35.2 +Host machine cpu family: x86_64 +Host machine cpu: x86_64 +``` + +What is 'cc' resolving to ? + +``` +$ podman run -it registry.gitlab.com/qemu-project/qemu/qemu/debian-hexagon-cross cc -v | grep Target +Target: x86_64-linux-gnu +``` + +That is a x86_64 target native compiler, not a hexagon target cross compiler. + +The ``tests/docker/dockerfiles/debian-hexagon-cross.docker`` file installs the hexagon toolchain under ``/opt`` and adds the dir to ``$PATH`` with: + +``` +ENV PATH $PATH:${TOOLCHAIN_INSTALL}/${TOOLCHAIN_BASENAME}/x86_64-linux-gnu/bin +``` + +This toolchain just installs a `clang` binary, not ``cc`` + +So when ``configure`` runs it looks for ``cc`` first and finds the naitve x86_64 GCC install from the container, not the clang cross compiler + +It is also not possible to merely set ``CC=clang`` because meson will assume it is a native compiler and crash and burn when unable to run binaries + +``` +# CC=clang ./configure --target-list=x86_64-softmmu +Using './build' as the directory for build output +...snip... +Sphinx not found/usable, disabling docs. +Disabling PIE due to missing toolchain support +The Meson build system +Version: 1.2.0 +Source dir: /qemu +Build dir: /qemu/build +Build type: native build +Project name: qemu +Project version: 8.0.92 + +../meson.build:1:0: ERROR: Executables created by c compiler clang -m64 -mcx16 are not runnable. +``` + +AFAICT, the root problem here is that the hexagon container is not setup in the same way as the other cross compiler containers. + +We need the toolchain binaries to be named after the target triplet - ie not ``clang`` but ``hexagon-unknown-linux-musl-clang`` + +This used to be done but was thrown away when switching to a pre-built toolchain in b9052d36342c947b36447558ed0a0dd3fb3fb8f4 + +Then the container also needs to set the configure args for the cross target + +``` +ENV QEMU_CONFIGURE_OPTS --cross-prefix=hexagon-unknown-linux-musl- +``` + +AFAICT, this was never done, so even before switching to the pre-built toolchain, I think the `build-user-hexagon` CI job was running a native built not hexagon build. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1807 b/results/classifier/deepseek-r1:32b/output/runtime/1807 new file mode 100644 index 000000000..aee76b466 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1807 @@ -0,0 +1,27 @@ + + + +sparc64 always segfaults doesn't work on Ubuntu 23.04 +Description of problem: +It segfaults when it tries to use 'printf' or 'puts' to print to the screen. +Steps to reproduce: +Do the following at the command line + +``` +$ sparc64-linux-gnu-g++ --version +sparc64-linux-gnu-g++ (Ubuntu 12.2.0-14ubuntu2) 12.2.0 +Copyright (C) 2022 Free Software Foundation, Inc. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +$ echo -e "#include <stdio.h> \n int main(void) { puts(\"Hello World\"); }" > test.cpp +$ sparc64-linux-gnu-g++ -o test test.cpp -static +$ qemu-sparc64-static --version +qemu-sparc64 version 7.2.0 (Debian 1:7.2+dfsg-5ubuntu2) +Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers +$ qemu-sparc64-static ./test +Segmentation fault (core dumped) +$ qemu-sparc-static ./test +qemu-sparc-static: ./test: Invalid ELF image for this architecture +$ qemu-sparc32plus-static ./test +qemu-sparc32plus-static: ./test: Invalid ELF image for this architecture +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1808563 b/results/classifier/deepseek-r1:32b/output/runtime/1808563 new file mode 100644 index 000000000..c92c9e47d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1808563 @@ -0,0 +1,20 @@ + + + +Listing the contents of / lists QEMU_LD_PREFIX instead + +Seeing this in qemu-user version 3.1.0 + +Demo: +$ QEMU_LD_PREFIX=$(pwd)/usr/armv7a-cros-linux-gnueabi ../run/qemu-arm /tmp/coreutils --coreutils-prog=ls / +etc lib usr +$ ls / +boot etc lib lib64 lost+found mnt root sbin sys usr +bin dev export home lib32 net proc run tmp var +$ ls usr/armv7a-cros-linux-gnueabi +etc lib usr + +In strace, the openat for "/" is remapped to the directory specified in QEMU_LD_PREFIX: +[pid 5302] openat(AT_FDCWD, "/tmp/qemu/usr/armv7a-cros-linux-gnueabi", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 3 + +As an aside, if I change the code to do chdir("/"); opendir("."); it works fine. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1808565 b/results/classifier/deepseek-r1:32b/output/runtime/1808565 new file mode 100644 index 000000000..e7558e3b6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1808565 @@ -0,0 +1,10 @@ + + + +Reading /proc/self/task/<pid>/maps is not remapped to the target + +Seeing this in qemu-user 3.1.0 + +The code in is_proc_myself which supports remapping of /proc/self/maps and /proc/<pid>/maps does not support remapping of /proc/self/task/<pid>/maps or /proc/<pid>/task/<pid>/maps. Extending is_proc_myself to cover these cases causes the maps to be rewritten correctly. + +These are useful in multithreaded programs to avoid freezing the entire program to capture the maps for a single tid. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1812 b/results/classifier/deepseek-r1:32b/output/runtime/1812 new file mode 100644 index 000000000..014e2dbf4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1812 @@ -0,0 +1,28 @@ + + + +older programs running under qemu-aarch64 segfaults +Description of problem: +Numerous aarch64 programs segfaults when run under qemu-aarch64. +Steps to reproduce: +1. Install an arm64 chroot (with working qemu-aarch64 binfmt_misc setup): +``` +debootstrap --variant=minbase --arch=arm64 jessie /tmp/jessie-arm64/ http://archive.debian.org/debian +or +debootstrap --variant=minbase --arch=arm64 xenial /tmp/xenial-arm64/ http://ports.ubuntu.com/ +``` +2. build qemu-aarch64; cp qemu-aarch64 /tmp/jessie-arm64/ +3. chroot /tmp/jessie-arm64/ +4. ./qemu-aarch64 /bin/ls +``` +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault +``` +Additional information: +Old userspace (eg Debian jessie, Ubuntu xenial) does not work within qemu 8.1-rc2 aarch64 linux-user emulation, since commit 59b6b42cd3446862567637f3a7ab31d69c9bef51 . My guess is that old userspace isn't prepared for recent CPU features, but it still smells strange. + +Not all programs segfaults. dash works, ls or bash does not. + +A chroot is easier in this case, since many old programs don't run inside current environment, like asserting while reading locale-specific information. To run debootstrap and to enter the resulting chroot, a working qemu-aarch64 binfmt_misc setup is needed. + +Reverting the mentioned commit makes everything work again. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1812451 b/results/classifier/deepseek-r1:32b/output/runtime/1812451 new file mode 100644 index 000000000..208d03c34 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1812451 @@ -0,0 +1,17 @@ + + + +In windows host, tftp arbitrary file read vulnerability + +https://github.com/qemu/qemu/blob/master/slirp/tftp.c#L343 + + if (!strncmp(req_fname, "../", 3) || + req_fname[strlen(req_fname) - 1] == '/' || + strstr(req_fname, "/../")) { + tftp_send_error(spt, 2, "Access violation", tp); + return; + } + +There are file path check for not allowing escape tftp directory. +But, in windows, file path is separated by "\" backslash. +So, guest can read arbitrary file in Windows host. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1812861 b/results/classifier/deepseek-r1:32b/output/runtime/1812861 new file mode 100644 index 000000000..6acdc2c36 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1812861 @@ -0,0 +1,25 @@ + + + +QEMU in user-mode emulation mode crashes when the user program jumps to an invalid address + +Running this code: + +void (*func)() = 0x12345678; + +int main() +{ + func(); + return 0; +} + +Produces the following output: + +qemu-arm-static: /build/qemu-DqynNa/qemu-2.8+dfsg/translate-all.c:175: tb_lock: Assertion `!have_tb_lock' failed. +qemu-arm-static: /build/qemu-DqynNa/qemu-2.8+dfsg/translate-all.c:175: tb_lock: Assertion `!have_tb_lock' failed. +Segmentation fault + +The expected result is as follows: + +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1813398 b/results/classifier/deepseek-r1:32b/output/runtime/1813398 new file mode 100644 index 000000000..cf95330de --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1813398 @@ -0,0 +1,44 @@ + + + +qemu user calls malloc after fork in multi-threaded process + +qemu user may hang in malloc on a musl based system because +it calls malloc after fork (in a pthread_atfork handler) +in the child process. + +this is undefined behaviour since the parent process is +multi-threaded and only as-safe functions may be called +in the child then. (if malloc/free is called concurrently +with fork the malloc state will be corrupted in the child, +it works on glibc because glibc takes the malloc locks +before the fork syscall, but that breaks the as-safety of +fork and thus non-conforming to posix) + +discussed at +https://www.openwall.com/lists/musl/2019/01/26/1 + +the bug is hard to reproduce (requires the call_rcu thread +to call free concurrently with do_fork in the main thread), +this one is observed with qemu-arm 3.1.0 running on x86_64 +executing an arm busybox sh: + +(gdb) bt +#0 malloc (n=<optimized out>, n@entry=9) at src/malloc/malloc.c:306 +#1 0x0000000060184ad3 in g_malloc (n_bytes=n_bytes@entry=9) at gmem.c:99 +#2 0x000000006018bcab in g_strdup (str=<optimized out>, str@entry=0x60200abf "call_rcu") at gstrfuncs.c:363 +#3 0x000000006016e31d in qemu_thread_create (thread=thread@entry=0x7ffe367d1870, name=name@entry=0x60200abf "call_rcu", + start_routine=start_routine@entry=0x60174c00 <call_rcu_thread>, arg=arg@entry=0x0, mode=mode@entry=1) + at /home/pmos/build/src/qemu-3.1.0/util/qemu-thread-posix.c:526 +#4 0x0000000060174b99 in rcu_init_complete () at /home/pmos/build/src/qemu-3.1.0/util/rcu.c:327 +#5 0x00000000601c4fac in __fork_handler (who=1) at src/thread/pthread_atfork.c:26 +#6 0x00000000601be8db in fork () at src/process/fork.c:33 +#7 0x000000006009d191 in do_fork (env=0x627aaed0, flags=flags@entry=17, newsp=newsp@entry=0, parent_tidptr=parent_tidptr@entry=0, + newtls=newtls@entry=0, child_tidptr=child_tidptr@entry=0) at /home/pmos/build/src/qemu-3.1.0/linux-user/syscall.c:5528 +#8 0x00000000600af894 in do_syscall1 (cpu_env=cpu_env@entry=0x627aaed0, num=num@entry=2, arg1=arg1@entry=0, arg2=arg2@entry=-8700192, + arg3=<optimized out>, arg4=8, arg5=1015744, arg6=-74144, arg7=0, arg8=0) at /home/pmos/build/src/qemu-3.1.0/linux-user/syscall.c:7042 +#9 0x00000000600a835c in do_syscall (cpu_env=cpu_env@entry=0x627aaed0, num=2, arg1=0, arg2=-8700192, arg3=<optimized out>, + arg4=<optimized out>, arg5=1015744, arg6=-74144, arg7=0, arg8=0) at /home/pmos/build/src/qemu-3.1.0/linux-user/syscall.c:11533 +#10 0x00000000600c265f in cpu_loop (env=env@entry=0x627aaed0) at /home/pmos/build/src/qemu-3.1.0/linux-user/arm/cpu_loop.c:360 +#11 0x00000000600417a2 in main (argc=<optimized out>, argv=0x7ffe367d57b8, envp=<optimized out>) + at /home/pmos/build/src/qemu-3.1.0/linux-user/main.c:819 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1814128 b/results/classifier/deepseek-r1:32b/output/runtime/1814128 new file mode 100644 index 000000000..7b23ecb00 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1814128 @@ -0,0 +1,158 @@ + + + +qemu-user fails to set up a reasonable brk for static-pie + +static pie binaries may not get a reasonable brk, +with glibc this means they crash in early tls setup code: +https://sourceware.org/bugzilla/show_bug.cgi?id=24152 + +qemu seems to put brk at the end of the data segment, +but if the stack starts (ends) right next to it then +allocation with brk fails. + +in such situation i think qemu should arrange the +stack or brk to be elsewhere so there is plenty +space to grow (in case of glibc it's enough if tls +setup works: later allocations can fall back to mmap). + +(ubuntu bionic x86_64 ldconfig.real from libc-bin package) +$ qemu-x86_64 -strace -d page /sbin/ldconfig.real +host mmap_min_addr=0x8000 +guest_base 0x0 +start end size prot +0000004000000000-00000040000f2000 00000000000f2000 r-x +00000040000f2000-00000040002f2000 0000000000200000 --- +00000040002f2000-00000040002fa000 0000000000008000 rw- +00000040002fa000-00000040002fb000 0000000000001000 --- +00000040002fb000-0000004000afb000 0000000000800000 rw- +start_brk 0x0000000000000000 +end_code 0x00000040000f1ee8 +start_code 0x0000004000000000 +start_data 0x00000040002f2838 +end_data 0x00000040002f8518 +start_stack 0x0000004000afa130 +brk 0x00000040002f9dd8 +entry 0x0000004000009bc0 +argv_start 0x0000004000afa138 +env_start 0x0000004000afa148 +auxv_start 0x0000004000afa280 +28561 brk(NULL) = 0x00000040002fa000 +28561 brk(0x00000040002fb1c0) = 0x00000040002fa000 +--- SIGSEGV {si_signo=SIGSEGV, si_code=1, si_addr=0xffffffffffffffc0} --- +qemu: uncaught target signal 11 (Segmentation fault) - core dumped + +$ readelf -hldSW /tmp/ldconfig.real +ELF Header: + Magic: 7f 45 4c 46 02 01 01 03 00 00 00 00 00 00 00 00 + Class: ELF64 + Data: 2's complement, little endian + Version: 1 (current) + OS/ABI: UNIX - GNU + ABI Version: 0 + Type: DYN (Shared object file) + Machine: Advanced Micro Devices X86-64 + Version: 0x1 + Entry point address: 0x9bc0 + Start of program headers: 64 (bytes into file) + Start of section headers: 1022920 (bytes into file) + Flags: 0x0 + Size of this header: 64 (bytes) + Size of program headers: 56 (bytes) + Number of program headers: 8 + Size of section headers: 64 (bytes) + Number of section headers: 38 + Section header string table index: 37 + +Section Headers: + [Nr] Name Type Address Off Size ES Flg Lk Inf Al + [ 0] NULL 0000000000000000 000000 000000 00 0 0 0 + [ 1] .note.ABI-tag NOTE 0000000000000200 000200 000020 00 A 0 0 4 + [ 2] .note.gnu.build-id NOTE 0000000000000220 000220 000024 00 A 0 0 4 + [ 3] .gnu.hash GNU_HASH 0000000000000248 000248 00001c 00 A 4 0 8 + [ 4] .dynsym DYNSYM 0000000000000268 000268 000018 18 A 5 1 8 + [ 5] .dynstr STRTAB 0000000000000280 000280 000001 00 A 0 0 1 + [ 6] .rela.dyn RELA 0000000000000288 000288 008748 18 A 4 0 8 + [ 7] .rela.plt RELA 00000000000089d0 0089d0 000318 18 AI 4 27 8 + [ 8] .init PROGBITS 0000000000008ce8 008ce8 000017 00 AX 0 0 4 + [ 9] .plt PROGBITS 0000000000008d00 008d00 000270 10 AX 0 0 16 + [10] .plt.got PROGBITS 0000000000008f70 008f70 000060 08 AX 0 0 8 + [11] .text PROGBITS 0000000000008fd0 008fd0 0bd29c 00 AX 0 0 16 + [12] __libc_freeres_fn PROGBITS 00000000000c6270 0c6270 0016b3 00 AX 0 0 16 + [13] __libc_thread_freeres_fn PROGBITS 00000000000c7930 0c7930 00108f 00 AX 0 0 16 + [14] .fini PROGBITS 00000000000c89c0 0c89c0 000009 00 AX 0 0 4 + [15] .rodata PROGBITS 00000000000c89e0 0c89e0 01af08 00 A 0 0 32 + [16] .stapsdt.base PROGBITS 00000000000e38e8 0e38e8 000001 00 A 0 0 1 + [17] .eh_frame_hdr PROGBITS 00000000000e38ec 0e38ec 001f94 00 A 0 0 4 + [18] .eh_frame PROGBITS 00000000000e5880 0e5880 00c5b8 00 A 0 0 8 + [19] .gcc_except_table PROGBITS 00000000000f1e38 0f1e38 0000b0 00 A 0 0 1 + [20] .tdata PROGBITS 00000000002f2838 0f2838 000028 00 WAT 0 0 8 + [21] .tbss NOBITS 00000000002f2860 0f2860 000040 00 WAT 0 0 8 + [22] .init_array INIT_ARRAY 00000000002f2860 0f2860 000010 08 WA 0 0 8 + [23] .fini_array FINI_ARRAY 00000000002f2870 0f2870 000010 08 WA 0 0 8 + [24] .data.rel.ro PROGBITS 00000000002f2880 0f2880 0034c4 00 WA 0 0 32 + [25] .dynamic DYNAMIC 00000000002f5d48 0f5d48 0001a0 10 WA 5 0 8 + [26] .got PROGBITS 00000000002f5ee8 0f5ee8 000110 08 WA 0 0 8 + [27] .got.plt PROGBITS 00000000002f6000 0f6000 000148 08 WA 0 0 8 + [28] .data PROGBITS 00000000002f6160 0f6160 001bd4 00 WA 0 0 32 + [29] __libc_subfreeres PROGBITS 00000000002f7d38 0f7d38 000060 00 WA 0 0 8 + [30] __libc_IO_vtables PROGBITS 00000000002f7da0 0f7da0 000768 00 WA 0 0 32 + [31] __libc_atexit PROGBITS 00000000002f8508 0f8508 000008 00 WA 0 0 8 + [32] __libc_thread_subfreeres PROGBITS 00000000002f8510 0f8510 000008 00 WA 0 0 8 + [33] .bss NOBITS 00000000002f8520 0f8518 001890 00 WA 0 0 32 + [34] __libc_freeres_ptrs NOBITS 00000000002f9db0 0f8518 000028 00 WA 0 0 8 + [35] .note.stapsdt NOTE 0000000000000000 0f8518 0014cc 00 0 0 4 + [36] .gnu_debuglink PROGBITS 0000000000000000 0f99e4 000034 00 0 0 4 + [37] .shstrtab STRTAB 0000000000000000 0f9a18 0001ab 00 0 0 1 +Key to Flags: + W (write), A (alloc), X (execute), M (merge), S (strings), I (info), + L (link order), O (extra OS processing required), G (group), T (TLS), + C (compressed), x (unknown), o (OS specific), E (exclude), + l (large), p (processor specific) + +Program Headers: + Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align + LOAD 0x000000 0x0000000000000000 0x0000000000000000 0x0f1ee8 0x0f1ee8 R E 0x200000 + LOAD 0x0f2838 0x00000000002f2838 0x00000000002f2838 0x005ce0 0x0075a0 RW 0x200000 + DYNAMIC 0x0f5d48 0x00000000002f5d48 0x00000000002f5d48 0x0001a0 0x0001a0 RW 0x8 + NOTE 0x000200 0x0000000000000200 0x0000000000000200 0x000044 0x000044 R 0x4 + TLS 0x0f2838 0x00000000002f2838 0x00000000002f2838 0x000028 0x000068 R 0x8 + GNU_EH_FRAME 0x0e38ec 0x00000000000e38ec 0x00000000000e38ec 0x001f94 0x001f94 R 0x4 + GNU_STACK 0x000000 0x0000000000000000 0x0000000000000000 0x000000 0x000000 RW 0x10 + GNU_RELRO 0x0f2838 0x00000000002f2838 0x00000000002f2838 0x0037c8 0x0037c8 R 0x1 + + Section to Segment mapping: + Segment Sections... + 00 .note.ABI-tag .note.gnu.build-id .gnu.hash .dynsym .dynstr .rela.dyn .rela.plt .init .plt .plt.got .text __libc_freeres_fn __libc_thread_freeres_fn .fini .rodata .stapsdt.base .eh_frame_hdr .eh_frame .gcc_except_table + 01 .tdata .init_array .fini_array .data.rel.ro .dynamic .got .got.plt .data __libc_subfreeres __libc_IO_vtables __libc_atexit __libc_thread_subfreeres .bss __libc_freeres_ptrs + 02 .dynamic + 03 .note.ABI-tag .note.gnu.build-id + 04 .tdata .tbss + 05 .eh_frame_hdr + 06 + 07 .tdata .init_array .fini_array .data.rel.ro .dynamic .got + +Dynamic section at offset 0xf5d48 contains 22 entries: + Tag Type Name/Value + 0x000000000000000c (INIT) 0x8ce8 + 0x000000000000000d (FINI) 0xc89c0 + 0x0000000000000019 (INIT_ARRAY) 0x2f2860 + 0x000000000000001b (INIT_ARRAYSZ) 16 (bytes) + 0x000000000000001a (FINI_ARRAY) 0x2f2870 + 0x000000000000001c (FINI_ARRAYSZ) 16 (bytes) + 0x000000006ffffef5 (GNU_HASH) 0x248 + 0x0000000000000005 (STRTAB) 0x280 + 0x0000000000000006 (SYMTAB) 0x268 + 0x000000000000000a (STRSZ) 1 (bytes) + 0x000000000000000b (SYMENT) 24 (bytes) + 0x0000000000000015 (DEBUG) 0x0 + 0x0000000000000003 (PLTGOT) 0x2f6000 + 0x0000000000000002 (PLTRELSZ) 792 (bytes) + 0x0000000000000014 (PLTREL) RELA + 0x0000000000000017 (JMPREL) 0x89d0 + 0x0000000000000007 (RELA) 0x288 + 0x0000000000000008 (RELASZ) 34632 (bytes) + 0x0000000000000009 (RELAENT) 24 (bytes) + 0x000000006ffffffb (FLAGS_1) Flags: PIE + 0x000000006ffffff9 (RELACOUNT) 1443 + 0x0000000000000000 (NULL) 0x0 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1818483 b/results/classifier/deepseek-r1:32b/output/runtime/1818483 new file mode 100644 index 000000000..a05053f1c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1818483 @@ -0,0 +1,45 @@ + + + +qemu user mode does not support binfmt_misc config with flags include "P" + +Hi Sir: +During our test in chroot environment with qemu-user-static, we got some test cases failed because of program output warning with unexpected full path name. +For example in test module "Devscripts" +the test item for broken tarball expected the warning info: +<tar: This does not look like a tar archive +tar: ******* > +but the output was: +</bin/tar: This does not look like a tar archive +/bin/tar: ******> +the cause is the config file of binfmt_misc was set not to send argv0, for example: +type command "tar" after chroot: +========================== +lpeng@lpeng-VirtualBox:~/projects_lpeng/qemu/mips_2/sid$ sudo chroot . +[sudo] password for lpeng: +root@lpeng-VirtualBox:/# tar +/bin/tar: You must specify one of the '-Acdtrux', '--delete' or '--test-label' options +Try '/bin/tar --help' or '/bin/tar --usage' for more information. +root@lpeng-VirtualBox:/# +=========================== + +by adding output log in main()@qemu/Linux-user/main.c +we found the original input command was changed, and qemu do not know that, we got the input args: +argv_0----/usr/bin/qemu-mips64el-static--- +argv_1----/bin/tar--- +argv_2----NULL--- + +Next step we modified the flags=P in the corresponding config under folder /proc/sys/fs/binfmt_misc, then binfmt_misc sent argv[0] to qemu. +But chroot could not start bash because in current qemu dose not consider about this unexpected one more"argv[0]" + + +After modified qemu code temporary to handle the new argv list we got the input args, and from argv[2] is the original input command +argv_0----/usr/bin/qemu-mips64el-static--- +argv_1----/bin/tar--- +argv_2----tar--- + +We need the original input from command line, so is it possible that let binfmt_misc to pass one more additional args or env to qemu as a token of the binfmt_misc flag, then qemu can judge how to parse the input args by it? +looking forward your suggestions. + +Thanks +luyou \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1819 b/results/classifier/deepseek-r1:32b/output/runtime/1819 new file mode 100644 index 000000000..a1740d8e3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1819 @@ -0,0 +1,13 @@ + + + +segmentation fault for rpm -qa command on centos:centos7 linux/arm/v7 architecture for docker container in shell. +Description of problem: + +Steps to reproduce: +1. docker pull centos:centos7@sha256:6887440ab977f751d6675157b73e42428d8ac05cf244c5d09ba036cc22d40d13 //pull an image centos:centos7 linux/arm/v7 tag +2. docker run -it b22fdcc90005 //docker run in interactive mode just pulled image +3. on shell run command -\> rpm -qa. +4. docker run -it b22fdcc90005 + + WARNING: The requested image's platform (linux/arm/v7) does not match the detected host platform (linux/amd64) and no specific platform was requested \[root@e23bc92686e8 /\]# rpm -qa Segmentation fault (core dumped) diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1821515 b/results/classifier/deepseek-r1:32b/output/runtime/1821515 new file mode 100644 index 000000000..9392e639a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1821515 @@ -0,0 +1,41 @@ + + + +qemu-ppc (user) incorrectly converts float(nan)->double(non-nan) + +Noticed on qemu-3.1.0 on GHC test suite where float32 comparisons didn't work on NaNs. +Here is the minimal reproducer: + +```c +// cat a.c +#include <stdio.h> +#include <math.h> +#include <stdint.h> + +int main() { + volatile float f1 = NAN; + volatile float f2 = NAN; + printf ("f1 (%e, %#x) >= f2 (%e, %#x): %s\n", + f1, *(volatile uint32_t*)&f1, + f2, *(volatile uint32_t*)&f2, + (f1 >= f2) ? "True" + : "False"); + volatile double d = f1; + printf ("d (%e, %#llx)\n", + d, *(volatile uint64_t*)&d); +} +``` + +``` +# incorrect execution: +$ powerpc-unknown-linux-gnu-gcc -O2 a.c -o a -static && qemu-ppc ./a +f1 (5.104236e+38, 0x7fc00000) >= f2 (5.104236e+38, 0x7fc00000): True +d (5.104236e+38, 0x47f8000000000000) + +# correct execution +$ scp a timberdoodle.ppc64.dev.gentoo.org:~/; ssh timberdoodle.ppc64.dev.gentoo.org ./a +f1 (nan, 0x7fc00000) >= f2 (nan, 0x7fc00000): False +d (nan, 0x7ff8000000000000) +``` + +Note: qemu-ppc handled float32 extension as it was not a NaN (exp=111..1111) but a normalized number. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1829459 b/results/classifier/deepseek-r1:32b/output/runtime/1829459 new file mode 100644 index 000000000..850ebbedd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1829459 @@ -0,0 +1,38 @@ + + + +qemu seems to lack support for pid namespace. + +# Version + +qemu-4.0.0 + +# commands used to launch qemu-aarch64 in user mode. + +printf '%s\n' ':qemu-aarch64:M::\x7fELF\x02\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\xb7\x00:\xff\xff\xff\xff\xff\xff\xff\x00\xff\xff\xff\xff\xff\xff\xff\xff\xfe\xff\xff\xff:/usr/bin/qemu-aarch64:'"${QEMU_BINFMT_FLAGS}" >/proc/sys/fs/binfmt_misc/register + +> sudo cp /usr/bin/qemu-aarch64 $RPI/usr/bin +> sudo chroot $RPI /bin/ksh -l + +# host + +Gentoo Linux amd64 + +# Guest + +Gentoo Linux aarch64 + +# The problem that I have + +"emerge" program fails due to the error, "qemu: qemu_thread_create: Invalid argument". +"emerge" is Gentoo's package manager that compiles and installs packages. + +# How to reproduce the issue + +Execute + +unshare --pid -- echo hello world + +or + +python -c "import portage.process; portage.process.spawn(['echo', 'hello', 'world'], unshare_pid=True)" \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1830 b/results/classifier/deepseek-r1:32b/output/runtime/1830 new file mode 100644 index 000000000..27322faa2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1830 @@ -0,0 +1,29 @@ + + + +command hangs in CentOS 7 arm64 container with Ubuntu 22 amd64 host +Description of problem: +The command hangs in the container, taking over the CPU: + +``` +$ docker run -it centos:7 +[root@42e655bf3d60 /]# LD_DEBUG=all /lib64/ld-2.17.so --list /usr/bin/true & +[1] 74 +[root@42e655bf3d60 /]# 74: file=/usr/bin/true [0]; generating link map + +[root@42e655bf3d60 /]# ps -e -o pid,ppid,etime,time,state,args + PID PPID ELAPSED TIME S COMMAND + 1 0 34:59 00:00:00 S /usr/libexec/qemu-binfmt/aarch64-binfmt-P /bin/bash /bin/bash + 74 1 03:16 00:03:13 R /usr/libexec/qemu-binfmt/aarch64-binfmt-P /lib64/ld-2.17.so /lib64/ld-2.17.so + 80 1 4-19:34:01 00:00:00 R ps -e -o pid,ppid,etime,time,state,args +[root@42e655bf3d60 /]# +``` +Steps to reproduce: +1. Start container +2. Run `/lib64/ld-2.17.so --list /usr/bin/true` +Additional information: +1. The problem is not observed in an Ubuntu 20.04 host system performing the same scenario. +2. My team build environment has amd64 native architecture hardware. I ran a similar scenario on an AWS arm64 native machine (QEMU is not needed) and the command works fine in the container. +3. My team builds several Linux images daily - about a dozen amd64 and eight arm64. This is the only image that's causing us this problem. +4. I built trace-cmd but when I tried to start a trace it told me `No events enabled with kvm`. +5. I built qemu-8.1.0-rc3 and saw the same behavior but I don't think `/usr/libexec/qemu-binfmt/aarch64-binfmt-P` was replaced with a new version so I don't think the old version was used for my container. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1832353 b/results/classifier/deepseek-r1:32b/output/runtime/1832353 new file mode 100644 index 000000000..8840513fa --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1832353 @@ -0,0 +1,23 @@ + + + +cpu_exec: Assertion !have_mmap_lock() failed + +Hi, + +I have isolated a testcase from the GCC testsuite (actually gfortran, test proc_ptr_51.f90) which produces tons of: + +qemu-arm: /home/christophe.lyon/src/qemu/accel/tcg/cpu-exec.c:701: cpu_exec: Assertion `!have_mmap_lock()' failed. + +including with master qemu as of today. + +I'm attaching a tarball containing: +qemu-assert: +cmd lib proc_ptr_51.exe + +qemu-assert/lib: +ld-linux-armhf.so.3 libc.so.6 libgcc_s.so.1 libgfortran.so.5 libm.so.6 + +where cmd is the basic command used to launch the test & reproduce the failure. + +Note that the test or the generated may actually be buggy: I have reported failures on native aarch64 and arm machines. Yet, qemu should not fail with a loop of asserts. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1832916 b/results/classifier/deepseek-r1:32b/output/runtime/1832916 new file mode 100644 index 000000000..fd8f7301e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1832916 @@ -0,0 +1,8 @@ + + + +linux-user does not check PROT_EXEC + +At no point do we actually verify that a page is PROT_EXEC before translating. All we end up verifying is that the page is readable. Not the same thing, obviously. + +The following test case should work for any architecture, though I've only validated it for x86_64 and aarch64. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1833668 b/results/classifier/deepseek-r1:32b/output/runtime/1833668 new file mode 100644 index 000000000..c6a88da61 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1833668 @@ -0,0 +1,30 @@ + + + +linux-user: Unable to run ARM binaries on Aarch64 + +Download a ARM package from https://packages.debian.org/sid/busybox-static + +Here tested with: busybox-static_1.30.1-4_armel.deb + +$ file busybox.armel +busybox.armel: ELF 32-bit LSB executable, ARM, EABI5 version 1 (SYSV), statically linked, for GNU/Linux 3.2.0, BuildID[sha1]=12cf572e016bafa240e113b57b3641e94b837f37, stripped + +$ qemu-aarch64 --version +qemu-aarch64 version 2.11.1(Debian 1:2.11+dfsg-1ubuntu7.14) + +$ qemu-aarch64 busybox.armel +busybox.armel: Invalid ELF image for this architecture + +$ qemu-aarch64 -cpu cortex-a7 busybox.armel +unable to find CPU model 'cortex-a7' + +Also reproduced with commit 33d609990621dea6c7d056c86f707b8811320ac1, +while the aarch64_cpus[] array contains Aarch64 CPUs, the arm_cpus[] array is empty: + +$ gdb -q aarch64-linux-user/qemu-aarch64 +(gdb) p aarch64_cpus +$1 = {{name = 0x1fe4e8 "cortex-a57", initfn = 0x109bc0 <aarch64_a57_initfn>, class_init = 0x0}, {name = 0x1fe508 "cortex-a53", initfn = 0x109a10 <aarch64_a53_initfn>, class_init = 0x0}, {name = 0x1fe518 "cortex-a72", + initfn = 0x109868 <aarch64_a72_initfn>, class_init = 0x0}, {name = 0x218020 "max", initfn = 0x109d70 <aarch64_max_initfn>, class_init = 0x0}, {name = 0x0, initfn = 0x0, class_init = 0x0}} +(gdb) p arm_cpus +$2 = {{name = 0x0, initfn = 0x0, class_init = 0x0}} \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1834496 b/results/classifier/deepseek-r1:32b/output/runtime/1834496 new file mode 100644 index 000000000..5d9767168 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1834496 @@ -0,0 +1,30 @@ + + + +Regressions on arm target with some GCC tests + +Hi, + +After trying qemu master: +commit 474f3938d79ab36b9231c9ad3b5a9314c2aeacde +Merge: 68d7ff0 14f5d87 +Author: Peter Maydell <email address hidden> +Date: Fri Jun 21 15:40:50 2019 +0100 + +I found several regressions compared to qemu-3.1 when running the GCC testsuite. +I'm attaching a tarball containing several GCC tests (binaries), needed shared libs, and a short script to run all the tests. + +All tests used to pass w/o error (one of them is verbose), but with a recent qemu, all of them make qemu crash: + +qemu: uncaught target signal 6 (Aborted) - core dumped + +This was noticed with GCC master configured with +--target arm-none-linux-gnueabi +--with-mode arm +--with-cpu cortex-a9 + +and calling qemu with --cpu cortex-a9 (the script uses "any", this makes no difference). + +I have noticed other failures with arm-v8 code, but this is probably the same root cause. Since it's a bit tedious to manually rebuild & extract the testcases, I'd prefer to start with this subset, and I can extract more if needed later. + +Thanks \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1835693 b/results/classifier/deepseek-r1:32b/output/runtime/1835693 new file mode 100644 index 000000000..1ccfe9701 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1835693 @@ -0,0 +1,20 @@ + + + +s390x binaries segfault + +Hello World appears to segfault with qemu s390x, on a Debian 10.0.0 Buster amd64 host. + +$ cat hello.cpp +#include <iostream> +using std::cout; + +int main() { + cout << "Hello World!\n"; + return 0; +} + +$ s390x-linux-gnu-g++ -o hello hello.cpp + +$ qemu-s390x-static hello +Segmentation fault \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1835839 b/results/classifier/deepseek-r1:32b/output/runtime/1835839 new file mode 100644 index 000000000..c863d3fa3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1835839 @@ -0,0 +1,24 @@ + + + +qemu-user: $0 incorrectly always reports absolute path + +We just ran into an issue with the Perl package on Debian/m68k when being built with qemu-user [1]. + +The problem can be boiled down to qemu-user always reporting absolute paths for the shell variable $0 no matter on how the command was invoked. + +A simple reproducer is this: + +On normal system (no emulation): + +root@nofan:~> sh -c 'echo $0' +sh +root@nofan:~> + +On qemu-user: + +(sid-m68k-sbuild)root@nofan:/# sh -c 'echo $0' +/bin/sh +(sid-m68k-sbuild)root@nofan:/# + +> [1] https://lists.debian.org/debian-68k/2019/07/msg00007.html \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1836078 b/results/classifier/deepseek-r1:32b/output/runtime/1836078 new file mode 100644 index 000000000..506e6e585 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1836078 @@ -0,0 +1,25 @@ + + + +Regressions on arm-linux-gnueabihf target with some GCC tests + +Hi, + +After trying qemu master: +commit 474f3938d79ab36b9231c9ad3b5a9314c2aeacde +Merge: 68d7ff0 14f5d87 +Author: Peter Maydell <email address hidden> +Date: Fri Jun 21 15:40:50 2019 +0100 + +even with the fix for https://bugs.launchpad.net/qemu/+bug/1834496, +I've noticed several regressions compared to qemu-3.1 when running the GCC testsuite. +I'm attaching a tarball containing several GCC tests (binaries), needed shared libs, and a short script to run all the tests. + +All tests used to pass w/o error, but with a recent qemu, all of them make qemu crash. + +This was noticed with GCC master configured with +--target arm-none-linux-gnueabihf +--with-cpu cortex-a57 +--with-fpu crypto-neon-fp-armv8 + +Thanks \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1836192 b/results/classifier/deepseek-r1:32b/output/runtime/1836192 new file mode 100644 index 000000000..935aefbc1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1836192 @@ -0,0 +1,24 @@ + + + +Regressions on arm926 target with some GCC tests + +Hi, + +After trying qemu master: +commit 474f3938d79ab36b9231c9ad3b5a9314c2aeacde +Merge: 68d7ff0 14f5d87 +Author: Peter Maydell <email address hidden> +Date: Fri Jun 21 15:40:50 2019 +0100 + +even with the fix for https://bugs.launchpad.net/qemu/+bug/1834496, +I've noticed several regressions compared to qemu-3.1 when running the GCC testsuite, with GCC configured to generate arm10tdmi code by default, and using qemu's --cpu arm926. + +I'm attaching a tarball containing one of the GCC tests (binaries), needed shared libs, and a short script to run the test. + +This was noticed with GCC master configured with +--target arm-none-linux-gnueabi +--with-cpu arm10tdmi +--with-fpu vfp + +Thanks \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1836558 b/results/classifier/deepseek-r1:32b/output/runtime/1836558 new file mode 100644 index 000000000..3fc7acaf2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1836558 @@ -0,0 +1,51 @@ + + + +Qemu-ppc Memory leak creating threads + +When creating c++ threads (with c++ std::thread), the resulting binary has memory leaks when running with qemu-ppc. + +Eg the following c++ program, when compiled with gcc, consumes more and more memory while running at qemu-ppc. (does not have memory leaks when compiling for Intel, when running same binary on real powerpc CPU hardware also no memory leaks). + +(Note I used function getCurrentRSS to show available memory, see https://stackoverflow.com/questions/669438/how-to-get-memory-usage-at-runtime-using-c; calls commented out here) + +Compiler: powerpc-linux-gnu-g++ (Debian 8.3.0-2) 8.3.0 (but same problem with older g++ compilers even 4.9) +Os: Debian 10.0 ( Buster) (but same problem seen on Debian 9/stetch) +qemu: qemu-ppc version 3.1.50 + + + +--- + +#include <iostream> +#include <thread> +#include <chrono> + + +using namespace std::chrono_literals; + +// Create/run and join a 100 threads. +void Fun100() +{ +// auto b4 = getCurrentRSS(); +// std::cout << getCurrentRSS() << std::endl; + for(int n = 0; n < 100; n++) + { + std::thread t([] + { + std::this_thread::sleep_for( 10ms ); + }); +// std::cout << n << ' ' << getCurrentRSS() << std::endl; + t.join(); + } + std::this_thread::sleep_for( 500ms ); // to give OS some time to wipe memory... +// auto after = getCurrentRSS(); + std::cout << b4 << ' ' << after << std::endl; +} + + +int main(int, char **) +{ + Fun100(); + Fun100(); // memory used keeps increasing +} \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1840922 b/results/classifier/deepseek-r1:32b/output/runtime/1840922 new file mode 100644 index 000000000..79a8d0f3f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1840922 @@ -0,0 +1,24 @@ + + + +qemu-arm for cortex-m33 aborts with unhandled CPU exception 0x8 + +Hi, + +While experimenting with running the GCC testsuite with cortex-m33 as target (to exercise v8-m code), I came across this failure: +qemu: unhandled CPU exception 0x8 - aborting +R00=fffeaf58 R01=fffeaf58 R02=00000000 R03=fffeaf5d +R04=fffeaf5c R05=fffeaf9c R06=00000000 R07=fffeaf80 +R08=00000000 R09=00000000 R10=00019dbc R11=00000000 +R12=000000f0 R13=fffeaf58 R14=000081f3 R15=fffeaf5c +XPSR=61000000 -ZC- T NS priv-thread +qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x6033c908 + +I'm using arm-eabi-gcc, so it targets bare-metal, not linux. + +The testcase is GCC's gcc/testsuite/gcc.c-torture/execute/20000822-1.c; it works when compiled at -O2, but crashes when compiled at -Os. The test uses nested functions, so it creates a trampoline on the stack, whose address may be a problem. But since the stack address seems to be in the same range in the O2 and Os cases, it's not that clear. + +I'm attaching the C source, asm, binary executables and qemu traces with in_asm,cpu. + +I execute the binaries with: +qemu-arm --cpu cortex-m33 ./20000822-1.exe.Os \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1854 b/results/classifier/deepseek-r1:32b/output/runtime/1854 new file mode 100644 index 000000000..fd165c9ee --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1854 @@ -0,0 +1,21 @@ + + + +s390x: qemu-user: ERROR:../linux-user/elfload.c:2239:zero_bss: code should not be reached +Description of problem: +The nolibc-test program from the Linux kernel crashes since 5f4e5b34092556ab1577e25d1262bd5975b26980 . +Reverting that commit fixes the issue. +Steps to reproduce: +1. Build `nolibc-test` for s390x from Linux kernel tree. (from `tools/testing/selftests/nolibc/`). EDIT: compiled binary is uploaded below. +2. Run it under qemu-s390x. + +``` + ./qemu-s390x nolibc-test +** +ERROR:../linux-user/elfload.c:2239:zero_bss: code should not be reached +Bail out! ERROR:../linux-user/elfload.c:2239:zero_bss: code should not be reached +Aborted (core dumped) + +``` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1857 b/results/classifier/deepseek-r1:32b/output/runtime/1857 new file mode 100644 index 000000000..64840da4c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1857 @@ -0,0 +1,55 @@ + + + +Major qemu-aarch64 performance slowdown since commit 59b6b42cd3 +Description of problem: +I have observed a major performance slowdown between qemu 8.0.0 and 8.1.0: + + +qemu 8.0.0: 0.8s + +qemu 8.1.0: 6.8s + + +After bisecting the commits between 8.0.0 and 8.1.0, the offending commit is 59b6b42cd3: + + +commit 59b6b42cd3446862567637f3a7ab31d69c9bef51 +Author: Richard Henderson <richard.henderson@linaro.org> +Date: Tue Jun 6 10:19:39 2023 +0100 + + target/arm: Enable FEAT_LSE2 for -cpu max + + Reviewed-by: Peter Maydell <peter.maydell@linaro.org> + Signed-off-by: Richard Henderson <richard.henderson@linaro.org> + Message-id: 20230530191438.411344-21-richard.henderson@linaro.org + Signed-off-by: Peter Maydell <peter.maydell@linaro.org> + + +Reverting the commit in latest master fixes the problem: + +qemu 8.0.0: 0.8s + +qemu 8.1.0: 6.8s + +qemu master + revert 59b6b42cd3: 0.8s + +Alternatively, specify `-cpu cortex-a35` to disable LSE2: + +`time ./qemu-aarch64 -cpu cortex-a35`: 0.8s + +`time ./qemu-aarch64`: 6.77s + +The slowdown is also observed when running qemu-aarch64 on aarch64 machine: + +`time ./qemu-aarch64 /usr/bin/node -e 1`: 2.91s + +`time ./qemu-aarch64 -cpu cortex-a35 /usr/bin/node -e 1`: 1.77s + +The slowdown on x86_64 machine is small: 362ms -> 378ms. +Steps to reproduce: +1. Run `time ./qemu-aarch64 node-aarch64 -e 1` (node-aarch64 is NodeJS v16 built for AArch64) +2. Using qemu master, the output says `0.8s` +3. Using qemu master with commit 59b6b42cd3 reverted, the output says `6.77s` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1858415 b/results/classifier/deepseek-r1:32b/output/runtime/1858415 new file mode 100644 index 000000000..9a66d641a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1858415 @@ -0,0 +1,27 @@ + + + +in tcp_emu function has OOB bug + +qemu version: 4.1.0 + +```c +int tcp_emu(struct socket *so, struct mbuf *m){ +............ +case EMU_REALAUDIO: +............ + while (bptr < m->m_data + m->m_len) { + case 6: +............ + lport = (((uint8_t *)bptr)[0] << 8) + ((uint8_t *)bptr)[1]; +............ + *(uint8_t *)bptr++ = (p >> 8) & 0xff; + *(uint8_t *)bptr = p & 0xff; +............ + } +............ +............ +} +``` + +bptr)[1] and bptr++ ,may make bptr == m->m_data + m->m_len,and cause OOB(out of bounds.) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1860056 b/results/classifier/deepseek-r1:32b/output/runtime/1860056 new file mode 100644 index 000000000..441b6f4ad --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1860056 @@ -0,0 +1,23 @@ + + + +mips binaries segfault + +Hello World appears to segfault with qemu mips, on a Debian 10.0.0 Buster amd64 host. + +Example: + + +$ cat mips/test/hello.cpp +#include <iostream> +using std::cout; + +int main() { + cout << "Hello World!\n"; + return 0; +} + +$ mips-linux-gnu-g++ -o hello hello.cpp && ./hello +qemu: uncaught target signal 11 (Segmentation fault) - core dumped + +Note that 64-bit MIPS and little endian 32-bit MIPS qemu work fine. The problem is limited to big endian 32-bit MIPS. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1860610 b/results/classifier/deepseek-r1:32b/output/runtime/1860610 new file mode 100644 index 000000000..aafd772cd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1860610 @@ -0,0 +1,10 @@ + + + +cap_disas_plugin leaks memory + +Looking at origin/master head, the function cap_disas_plugin leaks memory. + +per capstone's examples using their ABI, cs_free(insn, count); needs to called just before cs_close. + +I discovered this running qemu under valgrind. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1861605 b/results/classifier/deepseek-r1:32b/output/runtime/1861605 new file mode 100644 index 000000000..09ddfa40c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1861605 @@ -0,0 +1,19 @@ + + + +LL/SC broken for MIPS after 7dd547e5ab6b31e7a0cfc182d3ad131dd55a948f + +In that commit the env->llval value is loaded as an unsigned value (instead of sign-extended as before and therefore the CMPXCHG in gen_st_cond() in translate.c fails. + +I have committed a fix for this issue as https://github.com/CTSRD-CHERI/qemu/commit/a18d80c629989d002794f558968e1561edaf3dfd + +An alternative solution would be to change the cmpxchg line to perform a non-sign-extended compare, i.e. replace + tcg_gen_atomic_cmpxchg_tl(t0, addr, cpu_llval, val, + eva ? MIPS_HFLAG_UM : ctx->mem_idx, tcg_mo); +with + tcg_gen_atomic_cmpxchg_tl(t0, addr, cpu_llval, val, + eva ? MIPS_HFLAG_UM : ctx->mem_idx, tcg_mo & ~MO_SIGN); + + +I cannot send this patch to the QEMU mailing list as I am not able to setup git-send-email. +Feel free to apply this commit or the alternative solution. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1862167 b/results/classifier/deepseek-r1:32b/output/runtime/1862167 new file mode 100644 index 000000000..512a54b7c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1862167 @@ -0,0 +1,6 @@ + + + +Variation of SVE register size (qemu-user-aarch64) + +Specification of ARMv8-A SVE extention allows various values for the size of the SVE register. On the other hand, it seems that the current qemu-aarch64 supports only the maximum length of 2048 bits as the SVE register size. I am writing an assembler program for a CPU that is compliant with ARMv8-A + SVE and has a 512-bit SVE register, but when this is run with qemu-user-aarch64, a 2048-bit load / store instruction is executed This causes a segmentation fault. Shouldn't qeum-user-aarch64 have an option to specify the SVE register size? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1862986 b/results/classifier/deepseek-r1:32b/output/runtime/1862986 new file mode 100644 index 000000000..354df31cc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1862986 @@ -0,0 +1,67 @@ + + + +qemu-s390x segfaults + +All tested versions (2.11 and 4.2) qemu-s390x crashes with a segfault when run on an aarch64 odroid Ubuntu. + +Steps to reproduce: + +root@odroid:~/workspace/bitcoin-core# /usr/local/bin/qemu-s390x "/root/workspace/bitcoin-core/build/bitcoin-s390x-linux-gnu/src/test/test_bitcoin_orig" +Segmentation fault (core dumped) +root@odroid:~/workspace/bitcoin-core# /usr/local/bin/qemu-s390x --version +qemu-s390x version 4.2.0 +Copyright (c) 2003-2019 Fabrice Bellard and the QEMU Project developers +root@odroid:~/workspace/bitcoin-core# /usr/bin/qemu-s390x "/root/workspace/bitcoin-core/build/bitcoin-s390x-linux-gnu/src/test/test_bitcoin_orig" +Segmentation fault (core dumped) +root@odroid:~/workspace/bitcoin-core# /usr/bin/qemu-s390x --version +qemu-s390x version 2.11.1(Debian 1:2.11+dfsg-1ubuntu7.22) +Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers + + +qemu-arm does work on the same machine: + +root@odroid:~/workspace/bitcoin-core# /usr/bin/qemu-arm bitcoin-0.19.0.1-armhf/bin/test_bitcoin -t amount_tests +Running 4 test cases... + +*** No errors detected +root@odroid:~/workspace/bitcoin-core# /usr/local/bin/qemu-arm bitcoin-0.19.0.1-armhf/bin/test_bitcoin -t amount_tests +Running 4 test cases... + +*** No errors detected + + +What kind of debug information would be helpful for this issue report? + + +GDB for the self-compiled latest release is not particularly helpful: + +(gdb) run +Starting program: /usr/local/bin/qemu-s390x /root/workspace/bitcoin-core/build/bitcoin-s390x-linux-gnu/src/test/test_bitcoin_orig +[Thread debugging using libthread_db enabled] +Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1". +[New Thread 0x7fb7a2a140 (LWP 28264)] + +Thread 1 "qemu-s390x" received signal SIGSEGV, Segmentation fault. +0x000000555596b218 in __bss_start__ () +(gdb) bt +#0 0x000000555596b218 in __bss_start__ () +#1 0x00000055556120a8 in ?? () +#2 0x00000055579904b0 in ?? () +Backtrace stopped: previous frame inner to this frame (corrupt stack?) + +A bit more information is available in the version shipped by Ubuntu: + +(gdb) run +Starting program: /usr/bin/qemu-s390x /root/workspace/bitcoin-core/build/bitcoin-s390x-linux-gnu/src/test/test_bitcoin_orig +[Thread debugging using libthread_db enabled] +Using host libthread_db library "/lib/aarch64-linux-gnu/libthread_db.so.1". +[New Thread 0x7fb7a01180 (LWP 28271)] + +Thread 1 "qemu-s390x" received signal SIGSEGV, Segmentation fault. +0x0000005555738f98 in code_gen_buffer () +(gdb) bt +#0 0x0000005555738f98 in code_gen_buffer () +#1 0x00000055555e96c8 in cpu_exec () +#2 0x00000055555ee430 in cpu_loop () +#3 0x00000055555c3328 in main () \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1863445 b/results/classifier/deepseek-r1:32b/output/runtime/1863445 new file mode 100644 index 000000000..699fc350e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1863445 @@ -0,0 +1,19 @@ + + + +assertion failed at translate-all.c:2523 with version 3.1.1 + +I was trying to debug a userspace binary with radare2 and met the following assertion in qemu: + +``` +qemu-mipsel: /builddir/build/BUILD/qemu-3.1.1/accel/tcg/translate-all.c:2523: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed. +qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x7fd1c11c5987 +``` + +``` +# qemu-mipsel --version +qemu-mipsel version 3.1.1 (qemu-3.1.1-2.fc30) +Copyright (c) 2003-2018 Fabrice Bellard and the QEMU Project developers +``` + +not much to add. seems like qemu is not properly checking for valid addresses \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1869782 b/results/classifier/deepseek-r1:32b/output/runtime/1869782 new file mode 100644 index 000000000..4128c9607 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1869782 @@ -0,0 +1,16 @@ + + + +qemu-arm-static crashes "segmentation fault" when running "svn checkout" + +I'm not actually sure how far I can help as I so far failed to reproduce the issue on my local VM but I get it on Travis CI every time. I even went through the hassle of hacking a Debian repository into their Ubuntu Bionic VM to get qemu 4.2 as I hoped a new version could fix this. + +Here is where the error occured: https://travis-ci.com/github/VDR4Arch/vdr4arch/jobs/309106220#L5420 + +I don't get this error with an armv7h chroot. + +Maybe now I'll just try to remove all uses of svn in my build scripts... + +Is it actually a viable solution to cross-build with qemu? I'm starting to doubt it... + +Would it help if I manage to get this core dump out of Travis somehow (maybe make Travis push it to some GIT or upload it to my webserver)? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1870477 b/results/classifier/deepseek-r1:32b/output/runtime/1870477 new file mode 100644 index 000000000..bc0c353b3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1870477 @@ -0,0 +1,36 @@ + + + +qemu-arm hangs when golang running test + + +1. Environment: +Ubuntu 16.04.5 X86_64 +qemu-arm version 4.2.0 +go version go 1.14.1 linux/arm + +2. Summary: +Sometimes "go run test.go" command hang + + +3. Reproduction Method (Attempts: 500 Occurred: 1 ): Frequency: 1/500 + + +test.go +====================================== +package main +import "fmt" +func main(){ + for i:=0; i<1000; i++ { + fmt.Printf("[%d] Hello world\n", i) + } +} +====================================== + +i tested "go run test.go" command called 500 times at qemu arm env. +qemu hangs about 200~300. + +attached strace log. + +please check. +thanks \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1878501 b/results/classifier/deepseek-r1:32b/output/runtime/1878501 new file mode 100644 index 000000000..960a09162 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1878501 @@ -0,0 +1,34 @@ + + + +qemu-i386 does not define AT_SYSINFO + +qemu-i386 does not define the AT_SYSINFO auxval when running i386 Linux binaries. + +On most libcs, this is properly handled, but this is mandatory for the i686 Bionic (Android) libc or it will segfault. + +This is due to a blind assumption that getauxval(AT_SYSINFO) will return a valid function pointer: + +The code varies from version to version, but it looks like this: + +void *__libc_sysinfo; +// mangled as _Z19__libc_init_sysinfov +void __libc_init_sysinfo() { + bool dummy; + // __bionic_getauxval = getauxval + __libc_sysinfo = reinterpret_cast<void *>(__bionic_getauxval(AT_SYSINFO, dummy)); +} + +A simple way to reproduce is to compile a basic C program against the NDK: + +int main(void) { return 0; } + +$ i686-linux-android-clang -static empty.c -o empty +$ qemu-i386 -cpu max ./empty +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault + +The place where it segfaults is misleading: It will, at least on the current NDK, crash on __set_thread_area, this is due to it calling a function pointer to __libc_sysinfo returned by __kernel_syscall. + +QEMU 4.1.1 (aarch64) +Pixel 2 XL via Termux \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1880225 b/results/classifier/deepseek-r1:32b/output/runtime/1880225 new file mode 100644 index 000000000..8223b6071 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1880225 @@ -0,0 +1,140 @@ + + + +Emulation of some arm programs fail with "Assertion `have_guest_base' failed." + +This issue is observer with QEMU ToT, checked out around May 15th (but I believe it is present in current master too), and wasn't present in QEMU v5.0.0. + +I am using 32-bit Intel(R) Pentium(R) M processor 1.73GHz host. + +Arm cross-compiler is a standard cross-compiler that comes with Debian-based distributions, and gcc version is: + +$ arm-linux-gnueabi-gcc --version +arm-linux-gnueabi-gcc (Debian 8.3.0-2) 8.3.0 + +Compile this program with cross compiler: + +$ arm-linux-gnueabi-gcc -O2 -static toupper_string.c -o toupper_string-arm + +Emulation with QEMU v5.0.0 is correct, and gives expected output: + +$ ~/Build/qemu-5.0.0/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm +CONTROL RESULT: (toupper_string) + nwlrbbmqbhcdarz owkkyhiddqscdxr jmowfrxsjybldbe fsarcbynecdyggx xpklorellnmpapq + NWLRBBMQBHCDARZ OWKKYHIDDQSCDXR JMOWFRXSJYBLDBE FSARCBYNECDYGGX XPKLORELLNMPAPQ + +While, in case of QEMU master it fails: + +$ ~/Build/qemu-master/build-gcc/arm-linux-user/qemu-arm ./toupper_string-arm +qemu-arm: /home/rtrk/Build/qemu-master/linux-user/elfload.c:2294: probe_guest_base: Assertion `have_guest_base' failed. +Aborted + +There are many other programs that exibit the same behavior. The failure is arm-sprecific. + + +----------------------------------------------------- + +source code: (let's call this file toupper_string.c) (similar file is also in attachment) + + +#include <stdlib.h> +#include <string.h> +#include <stdio.h> +#include <unistd.h> + + +#define MAX_STRING_LENGHT 15 +#define NUMBER_OF_RANDOM_STRINGS 100 +#define DEFAULT_NUMBER_OF_REPETITIONS 30000 +#define MAX_NUMBER_OF_REPETITIONS 1000000000 +#define NUMBER_OF_CONTROL_PRINT_ITEMS 5 + +/* Structure for keeping an array of strings */ +struct StringStruct { + char chars[MAX_STRING_LENGHT + 1]; +}; + +/** + * Sets characters of the given string to random small letters a-z. + * @param s String to get random characters. + * @len Length of the input string. + */ +static void gen_random_string(char *chars, const int len) +{ + static const char letters[] = "abcdefghijklmnopqrstuvwxyz"; + + for (size_t i = 0; i < len; i++) { + chars[i] = letters[rand() % (sizeof(letters) - 1)]; + } + chars[len] = 0; +} + +void main (int argc, char* argv[]) +{ + struct StringStruct random_strings[NUMBER_OF_RANDOM_STRINGS]; + struct StringStruct strings_to_be_uppercased[NUMBER_OF_RANDOM_STRINGS]; + int32_t number_of_repetitions = DEFAULT_NUMBER_OF_REPETITIONS; + int32_t option; + + /* Parse command line options */ + while ((option = getopt(argc, argv, "n:")) != -1) { + if (option == 'n') { + int32_t user_number_of_repetitions = atoi(optarg); + /* Check if the value is a negative number */ + if (user_number_of_repetitions < 1) { + fprintf(stderr, "Error ... Value for option '-n' cannot be a " + "negative number.\n"); + exit(EXIT_FAILURE); + } + /* Check if the value is a string or zero */ + if (user_number_of_repetitions == 0) { + fprintf(stderr, "Error ... Invalid value for option '-n'.\n"); + exit(EXIT_FAILURE); + } + /* Check if the value is too large */ + if (user_number_of_repetitions > MAX_NUMBER_OF_REPETITIONS) { + fprintf(stderr, "Error ... Value for option '-n' cannot be " + "more than %d.\n", MAX_NUMBER_OF_REPETITIONS); + exit(EXIT_FAILURE); + } + number_of_repetitions = user_number_of_repetitions; + } else { + exit(EXIT_FAILURE); + } + } + + /* Create an array of strings with random content */ + srand(1); + for (size_t i = 0; i < NUMBER_OF_RANDOM_STRINGS; i++) { + gen_random_string(random_strings[i].chars, MAX_STRING_LENGHT); + } + + /* Perform uppercasing of a set of random strings multiple times */ + for (size_t j = 0; j < number_of_repetitions; j++) { + /* Copy initial set of random strings to the set to be uppercased */ + memcpy(strings_to_be_uppercased, random_strings, + NUMBER_OF_RANDOM_STRINGS * (MAX_STRING_LENGHT + 1)); + /* Do actual changing case to uppercase */ + for (size_t i = 0; i < NUMBER_OF_RANDOM_STRINGS; i++) { + int k = 0; + + while (strings_to_be_uppercased[i].chars[k]) { + char ch = strings_to_be_uppercased[i].chars[k] - 32; + memcpy((void *)strings_to_be_uppercased[i].chars + k, + &ch, 1); + k++; + } + } + } + + /* Control printing */ + printf("CONTROL RESULT: (toupper_string)\n"); + for (size_t i = 0; i < NUMBER_OF_CONTROL_PRINT_ITEMS; i++) { + printf(" %s", random_strings[i].chars); + } + printf("\n"); + for (size_t i = 0; i < NUMBER_OF_CONTROL_PRINT_ITEMS; i++) { + printf(" %s", strings_to_be_uppercased[i].chars); + } + printf("\n"); +} \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1880332 b/results/classifier/deepseek-r1:32b/output/runtime/1880332 new file mode 100644 index 000000000..7bbdf9749 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1880332 @@ -0,0 +1,10 @@ + + + +Possible regression in QEMU 5.0.0 after CVE-2020-10702 (segmentation fault) + +I've come across a very specific situation, but I'm sure it could be replicated in other cases. + +In QEMU 5.0.0 when I use user emulation with a cURL binary for aarch64 and connect to a server using TLS 1.2 and ECDHE-ECDSA-CHACHA20-POLY1305 cypher a segmentation fault occurs. + +I attach a Dockerfile that reproduces this crash and the strace output with and without the de0b1bae6461f67243282555475f88b2384a1eb9 commit reverted. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1880722 b/results/classifier/deepseek-r1:32b/output/runtime/1880722 new file mode 100644 index 000000000..c4c29c70e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1880722 @@ -0,0 +1,17 @@ + + + +Problems related to checking page crossing in use_goto_tb() + +The discussion that led to this bug discovery can be found in this +mailing list thread: +https://lists.nongnu.org/archive/html/qemu-devel/2020-05/msg05426.html + +A workaround for this problem would be to check for page crossings for +both the user and system modes in the use_goto_tb() function across +targets. Some targets like "hppa" already implement this fix but others +don't. + +To solve the root cause of this problem, the linux-user/mmap.c should +be fixed to do all the invalidations required. By doing so, up to 6.93% +performance improvements will be achieved. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1883268 b/results/classifier/deepseek-r1:32b/output/runtime/1883268 new file mode 100644 index 000000000..97be215b8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1883268 @@ -0,0 +1,40 @@ + + + +random errors on aarch64 when executing __aarch64_cas8_acq_rel + +Hello, + +Since I upgraded to qemu-5.0 when executing the GCC testsuite, +I've noticed random failures of g++.dg/ext/sync-4.C. + +I'm attaching the source of the testcase, the binary executable and the qemu traces (huge, 111MB!) starting at main (with qemu-aarch64 -cpu cortex-a57 -R 0 -d in_asm,int,exec,cpu,unimp,guest_errors,nochain) + +The traces where generated by a CI build, I built the executable manually but I expect it to be the same as the one executed by CI. + +In seems the problem occurs in f13, which leads to a call to abort() + +The preprocessed version of f13/t13 are as follows: +static bool f13 (void *p) __attribute__ ((noinline)); +static bool f13 (void *p) +{ + return (__sync_bool_compare_and_swap((ditype*)p, 1, 2)); +} +static void t13 () +{ + try { + f13(0); + } + catch (...) { + return; + } + abort(); +} + + +When looking at the execution traces at address 0x00400c9c, main calls f13, which in turn calls __aarch64_cas8_acq_rel (at 0x00401084) +__aarch64_cas8_acq_rel returns to f13 (address 0x0040113c), then f13 returns to main (0x0040108c) which then calls abort (0x00400ca0) + +I'm not quite sure what's wrong :-( + +I've not noticed such random problems with native aarch64 hardware. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1883784 b/results/classifier/deepseek-r1:32b/output/runtime/1883784 new file mode 100644 index 000000000..1f5853f84 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1883784 @@ -0,0 +1,12 @@ + + + +[ppc64le] qemu behavior differs from ppc64le hardware + +I have some code which passes my test suite on PPC64LE hardware when compiled with GCC 10, but the saem binary fails with both qemu-ppc64le 4.2 (on Fedora 32) and qemu-ppc64le-static 5.0.0 (Debian testing). + +I'm not getting any errors about illegal instructions or anything, like that; the results are just silently different on qemu. + +I've generated a reduced test case, which is attached along with the binaries (both are the same code, one is just statically linked). They should execute successufully on PPC64LE hardware, but on qemu they hit a __builtin_abort (because the computed value doesn't match the expected value). + +Without being familiar with PPC assembly I'm not sure what else I can do, but if there is anything please let me know. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1885350 b/results/classifier/deepseek-r1:32b/output/runtime/1885350 new file mode 100644 index 000000000..c4b1be6a4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1885350 @@ -0,0 +1,26 @@ + + + +RISCV dynamic rounding mode is not behaving correctly + +Hello, + +I’ve gone through the RISC-V code in latest QEMU release (qemu-5.0.0-rc2) and when checking the Floating point encodings I found the rounding mode is only updated if the opcode field “rm” is changed “ctx->frm == rm”. But according to RISC-V Volume I: Unprivileged ISA, there’s a dynamic mode when rm=7 where the rounding mode is set with frm value. + +So for the same rm value (=7) and when changing frm value seeking different rounding modes, and according to the below code, the rounding mode won’t be updated. Please correct me if I got this implementation wrong. + +static void gen_set_rm(DisasContext *ctx, int rm) +{ + TCGv_i32 t0; + if (ctx->frm == rm) { + return; + } + ctx->frm = rm; + t0 = tcg_const_i32(rm); + gen_helper_set_rounding_mode(cpu_env, t0); + tcg_temp_free_i32(t0); +} + + +My testcase: +I set statically the rm field in the instruction to 7 and before this execution I changed the value of frm field in fcsr register. For the 1st time it worked (according to the code above, the rm is updated so the round mode will also be updated). But when changing fcsr register an re-execute the instruction, there's no difference and the rounding mode is the same like the previous frm value. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1886097 b/results/classifier/deepseek-r1:32b/output/runtime/1886097 new file mode 100644 index 000000000..01677e722 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1886097 @@ -0,0 +1,36 @@ + + + +Error in user-mode calculation of ELF program's brk + +There's a discrepancy between the way QEMU user-mode and Linux calculate the initial program break for statically-linked binaries. I have a binary with the following segments: + + Program Headers: + Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align + EXIDX 0x065a14 0x00075a14 0x00075a14 0x00588 0x00588 R 0x4 + PHDR 0x0a3000 0x000a3000 0x000a3000 0x00160 0x00160 R 0x1000 + LOAD 0x0a3000 0x000a3000 0x000a3000 0x00160 0x00160 R 0x1000 + LOAD 0x000000 0x00010000 0x00010000 0x65fa0 0x65fa0 R E 0x10000 + LOAD 0x066b7c 0x00086b7c 0x00086b7c 0x02384 0x02384 RW 0x10000 + NOTE 0x000114 0x00010114 0x00010114 0x00044 0x00044 R 0x4 + TLS 0x066b7c 0x00086b7c 0x00086b7c 0x00010 0x00030 R 0x4 + GNU_STACK 0x000000 0x00000000 0x00000000 0x00000 0x00000 RW 0x8 + GNU_RELRO 0x066b7c 0x00086b7c 0x00086b7c 0x00484 0x00484 R 0x1 + LOAD 0x07e000 0x00089000 0x00089000 0x03ff4 0x03ff4 R E 0x1000 + LOAD 0x098000 0x00030000 0x00030000 0x01000 0x01000 RW 0x1000 + +The call to set_brk in Linux's binfmt_elf.c receives these arguments: + + set_brk(0xa3160, 0xa3160, 1) + +Whereas in QEMU, info->brk gets set to 0x88f00. When the binary is run in QEMU, it crashes on the second call to brk, whereas it runs fine on real ARM hardware. I think the trouble is that the program break is set to an address lower than the virtual address of a LOAD segment (the program headers, in this case). + +I believe that this discrepancy arises because in QEMU, info->brk is only incremented when the LOAD segment in question has PROT_WRITE. For this binary, the LOAD segment with write permissions and the highest virtual address is + + LOAD 0x066b7c 0x00086b7c 0x00086b7c 0x02384 0x02384 RW 0x10000 + +which overlaps with the TLS segment: + + TLS 0x066b7c 0x00086b7c 0x00086b7c 0x00010 0x00030 R 0x4 + +However, the Linux kernel puts the program break after the loadable segment with the highest virtual address, regardless of flags. So I think the fix is for QEMU to do the same. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1887306 b/results/classifier/deepseek-r1:32b/output/runtime/1887306 new file mode 100644 index 000000000..63e2ebc02 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1887306 @@ -0,0 +1,58 @@ + + + +qemu-user deadlocks when forked in a multithreaded process + +The following program (also attached) deadlocks when run under QEMU user on Linux. + +#include <pthread.h> +#include <stdio.h> +#include <stdlib.h> +#include <sys/types.h> +#include <sys/wait.h> +#include <unistd.h> + +#define NUM_THREADS 100 +#define NUM_FORKS 10 + +pthread_barrier_t barrier; + +void *t(void *arg) { + for (int i = 0; i < NUM_FORKS; i++) { + pid_t pid = fork(); + if (pid < 0) + abort(); + if (!pid) + _exit(0); + if (waitpid(pid, NULL, 0) < 0) + abort(); + } + //pthread_barrier_wait(&barrier); + return NULL; +} + +int main(void) { + pthread_barrier_init(&barrier, NULL, NUM_THREADS); + pthread_t ts[NUM_THREADS]; + for (size_t i = 0; i < NUM_THREADS; i++) { + if (pthread_create(&ts[i], NULL, t, NULL)) + abort(); + } + for (size_t i = 0; i < NUM_THREADS; i++) { + pthread_join(ts[i], NULL); + } + printf("Done: %d\n", getpid()); + return 0; +} + +To reproduce: +$ gcc test.c -pthread +$ while qemu-x86_64 ./a.out; do :; done + +(Be careful, Ctrl-C/SIGINT doesn't kill the deadlocked child). + +Larger values of NUM_THREADS/NUM_FORKS lead to more often deadlocks. With the values above it often deadlocks on the first try on my machine. When it deadlocks, there is a child qemu process with two threads which is waited upon by one of the worker threads of the parent. + +I tried to avoid the deadlock by serializing fork() with a mutex, but it didn't help. However, ensuring that no thread exits until all forks are done (by adding a barrier to t()) does seem to help, at least, the program above could run for a half an hour until I terminated it. + +Tested on QEMU 5.0.0, 4.2.0 and 2.11.1, with x86_64 and AArch64 linux-user targets. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1888303 b/results/classifier/deepseek-r1:32b/output/runtime/1888303 new file mode 100644 index 000000000..a6c3d6e8c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1888303 @@ -0,0 +1,23 @@ + + + +Intermittent buggines with user mode emulation of x86-64 on aarch64 + +QEMU Version: 5.0.0 +./configure --target-list=x86_64-linux-user --enable-user --prefix=/opt/qemu --static + +Testing using node_exporter from pmm-client-1.17.4-1.el8.x86_64.rpm + +aarch64 system is running CentOS 8 with a mainline 5.4.52 kernel built for 4KB memory pages. + +On aarch64 machine, invoke: + +./qemu-x86_64-static /usr/local/percona/pmm-client/node_exporter.x86_64 -web.listen-address=192.168.0.10:42000 -web.auth-file=/usr/local/percona/pmm-client/pmm.yml -web.ssl-key-file=/usr/local/percona/pmm-client/server.key -web.ssl-cert-file=/usr/local/percona/pmm-client/server.crt -collectors.enabled=diskstats,filefd,filesystem,loadavg,meminfo,netdev,netstat,stat,time,uname,vmstat,meminfo_numa,textfile + +Most of the time it will outright segfault within a few seconds, seemingly when the prometheus server polls for data. + +But, about once every 10 times, it will not sefault and will continue working just fine forever. + +The dynamically linked version of qemu (built without --static) always works without segfaulting, but it just doesn't work, the prometheus server gets no data from it. Again, once in a while it will work, but even when it doesn't work it won't segfault. + +This vaguely feels like a memory alignment issue somewhere, but my debug-fu is not quite strong enough to attack the problem. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1888728 b/results/classifier/deepseek-r1:32b/output/runtime/1888728 new file mode 100644 index 000000000..68b6cce83 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1888728 @@ -0,0 +1,22 @@ + + + +Bare chroot in linux-user fails with pgb_reserved_va: Assertion `guest_base != 0' failed. + +Trying to run a bare chroot with no additional bind mounts fails on git master (8ffa52c20d5693d454f65f2024a1494edfea65d4) with: + +root@nofan:~/qemu> chroot /local_scratch/sid-m68k-sbuild/ +qemu-m68k-static: /root/qemu/linux-user/elfload.c:2315: pgb_reserved_va: Assertion `guest_base != 0' failed. +Aborted +root@nofan:~/qemu> + +The problem can be worked around by bind-mounting /proc from the host system into the target chroot: + +root@nofan:~/qemu> mount -o bind /proc/ /local_scratch/sid-m68k-sbuild/proc/ +root@nofan:~/qemu> chroot /local_scratch/sid-m68k-sbuild/ +bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8) +(sid-m68k-sbuild)root@nofan:/# + +Host system is an up-to-date Debian unstable (2020-07-23). + +I have not been able to bisect the issue yet since there is another annoying linux-user bug (virtual memory exhaustion) that was somewhere introduced and fixed between v5.0.0 and HEAD and overshadows the original Assertion failure bug. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1889411 b/results/classifier/deepseek-r1:32b/output/runtime/1889411 new file mode 100644 index 000000000..fae0a1013 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1889411 @@ -0,0 +1,66 @@ + + + +RISC-V: Unable to unwind the stack upon signals + +Consider the following program: + +=============================================================== +#include <stdio.h> +#include <stdlib.h> + +#define NOINLINE __attribute__ ((noinline)) + +void NOINLINE abort_me(void) { abort(); /* trigger SIGABRT */ } + +void NOINLINE level1(void) { abort_me(); } + +void NOINLINE level2(void) { level1(); } + +void NOINLINE level3(void) { level2(); } + +void NOINLINE level4(void) { level3();} + +int main(void) { + level4(); + return 0; +} +=============================================================== + +$ riscv64-linux-gnu-gcc -march=rv64imafdc -O0 -g c.c +$ qemu-riscv64 -g 31337 ./c & +$ riscv64-unknown-linux-gnu-gdb -q -ex 'target remote localhost:31337' -ex 'b abort_me' -ex c -ex bt ./c +Reading symbols from c... +Remote debugging using localhost:31337 +Reading symbols from /home/lewurm/riscv/sysroot/lib/ld-linux-riscv64-lp64d.so.1... +0x0000004000804f30 in _start () from /home/lewurm/riscv/sysroot/lib/ld-linux-riscv64-lp64d.so.1 +Breakpoint 1 at 0x4000000632: file c.c, line 7. +Continuing. + +Breakpoint 1, abort_me () at c.c:7 +7 abort(); /* trigger SIGABRT */ +#0 abort_me () at c.c:7 +#1 0x0000004000000642 in level1 () at c.c:11 +#2 0x0000004000000658 in level2 () at c.c:15 +#3 0x000000400000066e in level3 () at c.c:19 +#4 0x0000004000000684 in level4 () at c.c:23 +#5 0x000000400000069a in main () at c.c:27 +=============================================================== + +So far so good, I get a proper backtrace as expected. If I let the signal trigger however, gdb is not able to unwind the stack: + +(gdb) c +Continuing. + +Program received signal SIGABRT, Aborted. +0x0000004000858074 in ?? () +(gdb) bt +#0 0x0000004000858074 in ?? () + + + +I get the same behaviour for SIGSEGV and SIGILL, I didn't try other signals. Apparently this scenario works on real hardware (see linked gdb issue below), and presumably it would work with system qemu (I haven't tested that yet though). So my guess is that qemu does something differently around signal handling than the linux kernel. + + +Full reproducer: https://gist.github.com/lewurm/befb9ddf5894bad9628b1df77258598b +RISC-V GDB issue: https://github.com/riscv/riscv-binutils-gdb/issues/223 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1890 b/results/classifier/deepseek-r1:32b/output/runtime/1890 new file mode 100644 index 000000000..bacc2dcb4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1890 @@ -0,0 +1,28 @@ + + + +qemu-arm 8.1.0 Error mapping file: Operation not permitted +Description of problem: +failed to execute the cortex-m binary hello_world, and says: +qemu-arm: /home/user/work/tests/c/hello_world: Error mapping file: Operation not permitted +Steps to reproduce: +1. +``` +cat > hello_new.c <<EOF +#include <stdio.h> +int main() +{printf("hello world"); return 0;} +EOF +``` +2. +``` +arm-none-eabi-gcc -mcpu=cortex-m55 -g hello_world.c -o hello_world -specs=rdimon.specs +``` +3. +``` +qemu-arm -cpu cortex-m55 hello_world +qemu-arm: /home/user/work/tests/c/hello_world: Error mapping file: Operation not permitted +``` +Additional information: +1, version 8.0.4 version is okay\ +2, arm-none-eabi-gcc version is 10.3.1 20210824 (release) diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1892081 b/results/classifier/deepseek-r1:32b/output/runtime/1892081 new file mode 100644 index 000000000..2410ef983 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1892081 @@ -0,0 +1,17 @@ + + + +Performance improvement when using "QEMU_FLATTEN" with softfloat type conversions + +Attached below is a matrix multiplication program for double data +types. The program performs the casting operation "(double)rand()" +when generating random numbers. + +This operation calls the integer to float softfloat conversion +function "int32_to_float_64". + +Adding the "QEMU_FLATTEN" attribute to the function definition +decreases the instructions per call of the function by about 63%. + +Attached are before and after performance screenshots from +KCachegrind. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1894029 b/results/classifier/deepseek-r1:32b/output/runtime/1894029 new file mode 100644 index 000000000..dbb691fe3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1894029 @@ -0,0 +1,42 @@ + + + +qemu-i386 malloc error + +Hi!I use qemu-i386-static on 64 bit machines.And memory request succeeded, but the pointer is wrong. +This is my test program: + +#include <stdint.h> +#include <stdio.h> +#include <stdlib.h> +#include <unistd.h> + +int main(int argc, char **argv) +{ + void *pa=0,*pb=0,*pc=0,*pd=0; + pa = malloc(sizeof(uint32_t)); + pb = malloc(sizeof(uint32_t)); + pc = malloc(4); + pd = malloc(4); + printf("pa: 0x%x\n",pa); + printf("pb: 0x%x\n",pb); + printf("pc: 0x%x\n",pc); + printf("pd: 0x%x\n",pd); + printf("uint32_t:%d\n",sizeof(uint32_t)); + free(pa); + free(pb); + free(pc); + free(pd); + return 0; +} + +And it is wrong: + +pa: 0x400051a0 +pb: 0x400051b0 +pc: 0x400051c0 +pd: 0x400051d0 +uint32_t:4 + +Why did I apply for 4 bytes of space, but the pointer only increased by 2 bytes?? +Is it a BUG?? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1895 b/results/classifier/deepseek-r1:32b/output/runtime/1895 new file mode 100644 index 000000000..bfa89de85 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1895 @@ -0,0 +1,149 @@ + + + +qemu-user uses fixed stack size and ignores RLIMIT_STACK request, causing some guest programs to crash +Description of problem: +When compiling a source file, g++ segmentation faults in qemu-user riscv64. But it doesn't fail on real riscv64 boards. + +We discovered this problem while compiling nodejs-lts-hydrogen. The source file has been reduced to 5KB by cvise. +Steps to reproduce: +1. Setup an Arch Linux riscv64 qemu-user container: https://github.com/felixonmars/archriscv-packages/wiki/Setup-Arch-Linux-RISC-V-Development-Environment +2. Start the container: `sudo systemd-nspawn -D ./archriscv -a -U` +3. Install gcc inside the container: `sudo pacman -Syu gcc` +4. Run the following command in the container: `g++ -S testcase.i -w -fpreprocessed -o /dev/null` [testcase.i](/uploads/d63b1867a458a240ef0d90c760d76bc7/testcase.i) +5. g++ segmentation faults: `g++: internal compiler error: Segmentation fault signal terminated program cc1plus` +Additional information: +Initially I thought this is a g++ bug. But I can't reproduce this bug on real riscv64 hardware. + +g++ version: g++ (GCC) 13.2.1 20230801 + +testcase.i: + +```c++ +namespace std { +typedef long unsigned size_t; +inline namespace __cxx11 {} +} // namespace std +typedef char uint8_t; +namespace std { +template <typename _Default, typename, template <typename> class> +struct __detector { + using type = _Default; +}; +template <typename _Default, template <typename> class _Op> +using __detected_or = __detector<_Default, void, _Op>; +template <typename _Default, template <typename> class _Op> +using __detected_or_t = typename __detected_or<_Default, _Op>::type; +template <typename> class allocator; +namespace __cxx11 { +template <typename _CharT, typename = _CharT, typename = allocator<_CharT>> +class basic_string; +} +typedef basic_string<char> string; +} // namespace std +template <typename _Tp> class __new_allocator { +public: + typedef _Tp value_type; +}; +namespace std { +template <typename _Tp> using __allocator_base = __new_allocator<_Tp>; +template <typename _Tp> class allocator : public __allocator_base<_Tp> {}; +template <class _E> class initializer_list { + typedef size_t size_type; + typedef _E *iterator; + iterator _M_array; + size_type _M_len; +}; +struct __allocator_traits_base { + template <typename _Tp> using __pointer = typename _Tp::const_pointer; +}; +template <typename _Alloc> struct allocator_traits : __allocator_traits_base { + typedef typename _Alloc::value_type value_type; + using pointer = __detected_or_t<value_type, __pointer>; +}; +} // namespace std +namespace __gnu_cxx { +template <typename _Alloc> +struct __alloc_traits : std::allocator_traits<_Alloc> {}; +} // namespace __gnu_cxx +namespace std { +namespace __cxx11 { +template <typename _CharT, typename, typename _Alloc> class basic_string { + typedef __gnu_cxx::__alloc_traits<_Alloc> _Alloc_traits; + +public: + typedef typename _Alloc_traits::pointer pointer; + struct _Alloc_hider { + _Alloc_hider(pointer, _Alloc); + } _M_dataplus; + pointer _M_local_data(); + basic_string(_CharT *, _Alloc __a = _Alloc()) + : _M_dataplus(_M_local_data(), __a) {} + ~basic_string(); +}; +} // namespace __cxx11 +} // namespace std +namespace v8 { +class StartupData {}; +} // namespace v8 +namespace std { +template <typename _Tp> class vector { +public: + typedef _Tp value_type; + vector(initializer_list<value_type>); +}; +namespace builtins { +struct CodeCacheInfo { + string id; + vector<uint8_t> data; +}; +} // namespace builtins +struct IsolateDataSerializeInfo {}; +struct EnvSerializeInfo {}; +struct SnapshotMetadata { + enum { kDefault } type; + string node_version; + string node_arch; + string v8_cache_version_tag; +}; +struct SnapshotData { + enum { kNotOwned } data_ownership; + SnapshotMetadata metadata; + v8::StartupData v8_snapshot_blob_data; + IsolateDataSerializeInfo isolate_data_info; + EnvSerializeInfo env_info; + vector<builtins::CodeCacheInfo> code_cache; +} snapshot_data{ + SnapshotData::kNotOwned, + SnapshotMetadata::kDefault, + "", + "", + "", + {}, + {}, + {}, + {{""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}, + {""}, {""}, {""}, {""}, {""}, {""}, {""}, {""}}}; +} // namespace std +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1895080 b/results/classifier/deepseek-r1:32b/output/runtime/1895080 new file mode 100644 index 000000000..eb26fb5fc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1895080 @@ -0,0 +1,39 @@ + + + +pgb_reserved_va: Assertion `addr == test' failed + +This problem occurs on CentOS-7.5 (64-bit) with qemu-5.1.0, qemu head (commit 9435a8b3dd35f1f926f1b9127e8a906217a5518a) for riscv32-linux-user. + +Firstly, compile fails: +Compiling C object libqemu-riscv32-linux-user.fa.p/linux-user_strace.c.o +../qemu.git/linux-user/strace.c:1210:18: error: ‘FALLOC_FL_KEEP_SIZE’ undeclared here (not in a function) + FLAG_GENERIC(FALLOC_FL_KEEP_SIZE), + +I have to add below include to linux-user/strace.c +diff --git a/linux-user/strace.c b/linux-user/strace.c +index 11fea14fba..22e51d4a8a 100644 +--- a/linux-user/strace.c ++++ b/linux-user/strace.c +@@ -7,6 +7,7 @@ + #include <sys/mount.h> + #include <arpa/inet.h> + #include <netinet/tcp.h> ++#include <linux/falloc.h> + #include <linux/if_packet.h> + #include <linux/netlink.h> + #include <sched.h> + +Then trying qemu-riscv32 with a simple ELF, I get: +linux-user/elfload.c:2341: pgb_reserved_va: Assertion `addr == test' failed. + +strace shows that: +mmap(0x1000, 4294963200, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x10000 +write(2, "qemu-riscv32: ../qemu.git/linux-"..., 103qemu-riscv32: ../qemu.git/linux-user/elfload.c:2341: pgb_reserved_va: Assertion `addr == test' failed. +) = 103 + +The source code is in the function pgb_reserved_va (linux-user/elfload.c). I think mmap cannot guarantee that the returned pointer (test) equals to the parameter of addr. So is this a bug to assert (addr == test)? + +Attached configure script and test ELF file. + +Thanks. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1895305 b/results/classifier/deepseek-r1:32b/output/runtime/1895305 new file mode 100644 index 000000000..7776d39c2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1895305 @@ -0,0 +1,51 @@ + + + +pthread_cancel fails with "RT33" with musl libc + +From my testing it seems that QEMU built against musl libc crashes on pthread_cancel cancel calls - if the binary is also built with musl libc. + +Minimal sample: + +#include <pthread.h> +#include <stdio.h> +#include <unistd.h> +void* threadfunc(void* ignored) { + while (1) { + pause(); + } + return NULL; +} +int main() { + pthread_t thread; + pthread_create(&thread, NULL, &threadfunc, NULL); + sleep(1); + pthread_cancel(thread); + printf("OK, alive\n"); +} + +In an Alpine Linux aarch64 chroot (on an x86_64 host) the binary will just output RT33 and has exit code 161. + +Using qemu-aarch64 on an x86_64 host results in the output (fish shell) + fish: “qemu-aarch64-static ./musl-stat…” terminated by signal Unknown (Unknown) +or (bash) + Real-time signal 2 + +and exit code 164. + +It doesn't matter whether the binary is linked dynamically or static. You can see my test results in the following table: + +| | QEMU glibc | QEMU musl | +|----------------------|------------|-----------| +| binary glibc dynamic | ✓ | ✓ | +| binary glibc static | ✓ | ✓ | +| binary musl dynamic | ✓ | ✗ | +| binary musl static | ✓ | ✗ | + +Both QEMU builds are v5.1.0 (glibc v2.32 / musl v1.2.1) + +I've uploaded all my compile and test commands (plus a script to conveniently run them all) to https://github.com/z3ntu/qemu-pthread_cancel . It also includes the built binaries if needed. The test script output can be found at https://github.com/z3ntu/qemu-pthread_cancel/blob/master/results.txt + +Further links: +- https://gitlab.com/postmarketOS/pmaports/-/issues/190#note_141902075 +- https://gitlab.com/postmarketOS/pmbootstrap/-/issues/1970 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1895471 b/results/classifier/deepseek-r1:32b/output/runtime/1895471 new file mode 100644 index 000000000..517420fb3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1895471 @@ -0,0 +1,26 @@ + + + +compilation error with clang in util/async.c + +configured with ` CC=clang CXX=clang++ ../configure --target-list=x86_64-softmmu --enable-kvm --enable-curl --enable-debug --enable-jemalloc --enable-fuzzing --enable-sdl` and after make I get the following error related to c11 atomics. I'm using clang because I'm experimenting with fuzzer + +[glitz@archlinux /code/qemu/build]$ ninja -j5 +[479/2290] Compiling C object libqemuutil.a.p/util_async.c.o +FAILED: libqemuutil.a.p/util_async.c.o +clang -Ilibqemuutil.a.p -I. -I.. -Iqapi -Itrace -Iui -Iui/shader -I/usr/include/p11-kit-1 -I/usr/include/glib-2.0 -I/usr/lib/glib-2.0/include -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/gio-unix-2.0 -Ilinux-headers -Xclang -fcolor-diagnostics -pipe -Wall -Winvalid-pch -Werror -std=gnu99 -g -m64 -mcx16 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wnested-externs -Wendif-labels -Wexpansion-to-defined -Wno-initializer-overrides -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-string-plus-int -Wno-typedef-redefinition -Wno-tautological-type-limit-compare -fstack-protector-strong -fsanitize=fuzzer-no-link -iquote /code/qemu/tcg/i386 -isystem /code/qemu/linux-headers -iquote . -iquote /code/qemu -iquote /code/qemu/accel/tcg -iquote /code/qemu/include -iquote /code/qemu/disas/libvixl -pthread -fPIC -MD -MQ libqemuutil.a.p/util_async.c.o -MF libqemuutil.a.p/util_async.c.o.d -o libqemuutil.a.p/util_async.c.o -c ../util/async.c +../util/async.c:79:17: error: address argument to atomic operation must be a pointer to _Atomic type ('unsigned int *' invalid) + old_flags = atomic_fetch_or(&bh->flags, BH_PENDING | new_flags); + ^ ~~~~~~~~~~ +/usr/lib/clang/10.0.1/include/stdatomic.h:138:42: note: expanded from macro 'atomic_fetch_or' +#define atomic_fetch_or(object, operand) __c11_atomic_fetch_or(object, operand, __ATOMIC_SEQ_CST) + ^ ~~~~~~ +../util/async.c:105:14: error: address argument to atomic operation must be a pointer to _Atomic type ('unsigned int *' invalid) + *flags = atomic_fetch_and(&bh->flags, + ^ ~~~~~~~~~~ +/usr/lib/clang/10.0.1/include/stdatomic.h:144:43: note: expanded from macro 'atomic_fetch_and' +#define atomic_fetch_and(object, operand) __c11_atomic_fetch_and(object, operand, __ATOMIC_SEQ_CST) + ^ ~~~~~~ +2 errors generated. +[483/2290] Compiling C object libqemuutil.a.p/util_qemu-error.c.o +ninja: build stopped: subcommand failed. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1895703 b/results/classifier/deepseek-r1:32b/output/runtime/1895703 new file mode 100644 index 000000000..d32f52a0b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1895703 @@ -0,0 +1,21 @@ + + + +performance degradation in tcg since Meson switch + +The buildsys conversion to Meson (1d806cef0e3..7fd51e68c34) +introduced a degradation in performance in some TCG targets: + +-------------------------------------------------------- +Test Program: matmult_double +-------------------------------------------------------- +Target Instructions Previous Latest + 1d806cef 7fd51e68 +---------- -------------------- ---------- ---------- +alpha 3 233 957 639 ----- +7.472% +m68k 3 919 110 506 ----- +18.433% +-------------------------------------------------------- + +Original report from Ahmed Karaman with further testing done +by Aleksandar Markovic: +https://<email address hidden>/msg740279.html \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1904259 b/results/classifier/deepseek-r1:32b/output/runtime/1904259 new file mode 100644 index 000000000..df07207ac --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1904259 @@ -0,0 +1,32 @@ + + + +include/qemu/atomic.h:495:5: error: misaligned atomic operation may incur significant performance penalty (Clang 11; Ubuntu 16 i686) + +Hello. +I haven't found any "official" executables, for emulating RISC-V (32bit; 64bit) so I had to compile those myself. + +I found that auto-generated build scripts, for Ninja, contained some warnings interpreted as errors: + + +oceanfish81@gollvm:~/Desktop/qemu/build$ ninja -j 1 +[2/1977] Compiling C object libqemuutil.a.p/util_qsp.c.o +FAILED: libqemuutil.a.p/util_qsp.c.o +clang-11 -Ilibqemuutil.a.p -I. -I.. -Iqapi -Itrace -Iui -Iui/shader -I/usr/include/glib-2.0 -I/usr/lib/i386-linux-gnu/glib-2.0/include -I/usr/include/gio-unix-2.0/ -Xclang -fcolor-diagnostics -pipe -Wall -Winvalid-pch -Werror -std=gnu99 -O2 -g -m32 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wstrict-prototypes -Wredundant-decls -Wundef -Wwrite-strings -Wmissing-prototypes -fno-strict-aliasing -fno-common -fwrapv -Wold-style-definition -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wnested-externs -Wendif-labels -Wexpansion-to-defined -Wno-initializer-overrides -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-string-plus-int -Wno-typedef-redefinition -Wno-tautological-type-limit-compare -Wno-psabi -fstack-protector-strong -isystem /home/oceanfish81/Desktop/qemu/linux-headers -isystem linux-headers -iquote /home/oceanfish81/Desktop/qemu/tcg/i386 -iquote . -iquote /home/oceanfish81/Desktop/qemu -iquote /home/oceanfish81/Desktop/qemu/accel/tcg -iquote /home/oceanfish81/Desktop/qemu/include -iquote /home/oceanfish81/Desktop/qemu/disas/libvixl -pthread -Wno-unused-function -fPIC -MD -MQ libqemuutil.a.p/util_qsp.c.o -MF libqemuutil.a.p/util_qsp.c.o.d -o libqemuutil.a.p/util_qsp.c.o -c ../util/qsp.c +In file included from ../util/qsp.c:62: +In file included from /home/oceanfish81/Desktop/qemu/include/qemu/thread.h:4: +In file included from /home/oceanfish81/Desktop/qemu/include/qemu/processor.h:10: +/home/oceanfish81/Desktop/qemu/include/qemu/atomic.h:495:5: error: misaligned atomic operation may incur significant performance penalty [-Werror,-Watomic-alignment] + qatomic_set__nocheck(ptr, val); + ^ +/home/oceanfish81/Desktop/qemu/include/qemu/atomic.h:138:5: note: expanded from macro 'qatomic_set__nocheck' + __atomic_store_n(ptr, i, __ATOMIC_RELAXED) + ^ +/home/oceanfish81/Desktop/qemu/include/qemu/atomic.h:485:12: error: misaligned atomic operation may incur significant performance penalty [-Werror,-Watomic-alignment] + return qatomic_read__nocheck(ptr); + ^ +/home/oceanfish81/Desktop/qemu/include/qemu/atomic.h:129:5: note: expanded from macro 'qatomic_read__nocheck' + __atomic_load_n(ptr, __ATOMIC_RELAXED) + ^ +2 errors generated. +ninja: build stopped: subcommand failed. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1906536 b/results/classifier/deepseek-r1:32b/output/runtime/1906536 new file mode 100644 index 000000000..ce49bf0bc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1906536 @@ -0,0 +1,33 @@ + + + +Unable to set SVE VL to 1024 bits or above since 7b6a2198 + +Prior to 7b6a2198e71794c851f39ac7a92d39692c786820, the QEMU option sve-max-vq could be used to set the vector length of the implementation. This is useful (among other reasons) for testing software compiled with a fixed SVE vector length. Since this commit, the vector length is capped at 512 bits. + +To reproduce the issue: + +$ cat rdvl.s +.global _start +_start: + rdvl x0, #1 + asr x0, x0, #4 + mov x8, #93 // exit + svc #0 +$ aarch64-linux-gnu-as -march=armv8.2-a+sve rdvl.s -o rdvl.o +$ aarch64-linux-gnu-ld rdvl.o +$ for vl in 1 2 4 8 16; do ../build-qemu/aarch64-linux-user/qemu-aarch64 -cpu max,sve-max-vq=$vl a.out; echo $?; done +1 +2 +4 +4 +4 + +For a QEMU built prior to the above revision, we get the output: +1 +2 +4 +8 +16 + +as expected. It seems that either the old behavior should be restored, or there should be an option to force a higher vector length? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1907817 b/results/classifier/deepseek-r1:32b/output/runtime/1907817 new file mode 100644 index 000000000..dc04f7b7f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1907817 @@ -0,0 +1,46 @@ + + + +qemu-aarch64 tcg assertion v5.2.0 + +After updating to 5.2 I am getting following assertion error: +qemu-aarch64: ../tcg/tcg-op-gvec.c:54: check_size_align: Assertion `(maxsz & max_align) == 0' failed. + +I think it was introduced by commit: e2e7168a214b0ed98dc357bba96816486a289762 + +Becasue before this change, in function simd_desc only maxsz % 8 == 0 was checked, but after this change qemu check for following: + +max_align = maxsz >= 16 ? 15 : 7; +tcg_debug_assert((maxsz & max_align) == 0); <--- here assertion happens + +in my case maxsz=56. + + +Whole backtrace: +#4 0x0000004000314770 in check_size_align (oprsz=56, maxsz=56, ofs=0) at ../tcg/tcg-op-gvec.c:54 +#5 0x0000004000314950 in simd_desc (oprsz=56, maxsz=56, data=0) at ../tcg/tcg-op-gvec.c:89 +#6 0x0000004000316270 in do_dup (vece=0, dofs=3144, oprsz=56, maxsz=56, in_32=0x0, in_64=0x0, in_c=0) at ../tcg/tcg-op-gvec.c:630 +#7 0x00000040003164d0 in expand_clr (dofs=3144, maxsz=56) at ../tcg/tcg-op-gvec.c:679 +#8 0x0000004000319bb0 in tcg_gen_gvec_mov (vece=3, dofs=3136, aofs=3136, oprsz=8, maxsz=64) at ../tcg/tcg-op-gvec.c:1538 +#9 0x0000004000200dc0 in clear_vec_high (s=0x40021a8180, is_q=false, rd=0) at ../target/arm/translate-a64.c:592 +#10 0x0000004000200e40 in write_fp_dreg (s=0x40021a8180, reg=0, v=0x1108) at ../target/arm/translate-a64.c:600 +--Type <RET> for more, q to quit, c to continue without paging-- +#11 0x0000004000200e90 in write_fp_sreg (s=0x40021a8180, reg=0, v=0x1060) at ../target/arm/translate-a64.c:608 +#12 0x0000004000214210 in handle_fpfpcvt (s=0x40021a8180, rd=0, rn=0, opcode=2, itof=true, rmode=0, scale=64, sf=0, type=0) + at ../target/arm/translate-a64.c:6988 +#13 0x0000004000214f90 in disas_fp_int_conv (s=0x40021a8180, insn=505544704) at ../target/arm/translate-a64.c:7299 +#14 0x0000004000215350 in disas_data_proc_fp (s=0x40021a8180, insn=505544704) at ../target/arm/translate-a64.c:7389 +#15 0x000000400022aa70 in disas_data_proc_simd_fp (s=0x40021a8180, insn=505544704) at ../target/arm/translate-a64.c:14494 +#16 0x000000400022af90 in disas_a64_insn (env=0x7fac59b6b490, s=0x40021a8180) at ../target/arm/translate-a64.c:14663 +#17 0x000000400022b750 in aarch64_tr_translate_insn (dcbase=0x40021a8180, cpu=0x7fac59b63150) at ../target/arm/translate-a64.c:14823 +#18 0x00000040002e8630 in translator_loop (ops=0x4000902e00 <aarch64_translator_ops>, db=0x40021a8180, cpu=0x7fac59b63150, + tb=0x7fac3419c5c0, max_insns=512) at ../accel/tcg/translator.c:103 +#19 0x00000040002e3a60 in gen_intermediate_code (cpu=0x7fac59b63150, tb=0x7fac3419c5c0, max_insns=512) + at ../target/arm/translate.c:9283 +#20 0x00000040002fed30 in tb_gen_code (cpu=0x7fac59b63150, pc=4458820, cs_base=0, flags=2148544819, cflags=-16777216) + at ../accel/tcg/translate-all.c:1744 +#21 0x000000400036a6e0 in tb_find (cpu=0x7fac59b63150, last_tb=0x7fac3419c400, tb_exit=0, cf_mask=0) at ../accel/tcg/cpu-exec.c:414 +--Type <RET> for more, q to quit, c to continue without paging-- +#22 0x000000400036b040 in cpu_exec (cpu=0x7fac59b63150) at ../accel/tcg/cpu-exec.c:770 +#23 0x0000004000113a90 in cpu_loop (env=0x7fac59b6b490) at ../linux-user/aarch64/cpu_loop.c:84 +#24 0x00000040002fb8c0 in main (argc=2, argv=0x40021a8e68, envp=0x40021a8e80) at ../linux-user/main.c:864 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1907969 b/results/classifier/deepseek-r1:32b/output/runtime/1907969 new file mode 100644 index 000000000..58e7ba57a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1907969 @@ -0,0 +1,61 @@ + + + +linux-user/i386: Segfault when mixing threads and signals + +Given the following C program, qemu-i386 will surely and certainly segfault when executing it. +The problem is only noticeable if the program is statically linked to musl's libc and, as written +in the title, it only manifests when targeting i386. + +Removing the pthread calls or the second raise() makes it not segfault. + +The crash is in some part of the TCG-generated code, right when it tries to perform a +%gs-relative access. + +If you want a quick way of cross-compiling this binary: + +* Download a copy of the Zig compiler from https://ziglang.org/download/ +* Compile it with + `zig cc -target i386-linux-musl <C-FILE> -o <OUT>` + +``` +#include <pthread.h> +#include <signal.h> +#include <stdio.h> +#include <string.h> +#include <sys/types.h> +#include <unistd.h> +#include <asm/prctl.h> +#include <sys/syscall.h> + +void sig_func(int sig) +{ + write(1, "hi!\n", strlen("hi!\n")); +} + +void func(void *p) { } + +typedef void *(*F)(void *); + +int main() +{ + pthread_t tid; + + struct sigaction action; + action.sa_flags = 0; + action.sa_handler = sig_func; + + if (sigaction(SIGUSR1, &action, NULL) == -1) { + return 1; + } + + // This works. + raise(SIGUSR1); + + pthread_create(&tid, NULL, (F)func, NULL); + pthread_join(tid, NULL); + + // This makes qemu segfault. + raise(SIGUSR1); +} +``` \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1908 b/results/classifier/deepseek-r1:32b/output/runtime/1908 new file mode 100644 index 000000000..6375c0e2a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1908 @@ -0,0 +1,52 @@ + + + +8.1.0 regression: abnormal segfault in qemu-riscv64-static +Description of problem: +loading_from_clipboard_test of Cockatrice segfaults in qemu-riscv64-static. +Steps to reproduce: +1. Setup an Arch Linux riscv64 qemu-user container: https://github.com/felixonmars/archriscv-packages/wiki/Setup-Arch-Linux-RISC-V-Development-Environment +2. Start the container: `sudo systemd-nspawn -D ./archriscv -a -U` +3. Build cockatrice 2.9.0 with tests in the container: https://github.com/Cockatrice/Cockatrice/releases/tag/2023-09-14-Release-2.9.0 +4. Run tests/loading_from_clipboard/loading_from_clipboard_test in the container +Additional information: +I have done bisection and find out that this commit caused the regression: 2d708164e0475064e0e2167bd73e8570e22df1e0 + +qemu built from HEAD(494a6a2) is still affected by this bug. + +Backtrace: + +``` +#0 0x00007fffe849f133 in code_gen_buffer () +#1 0x00007ffff7b3a433 in cpu_tb_exec (cpu=0x7ffff7f71010, itb=0x7fffe849f040 <code_gen_buffer+4845587>, +tb_exit=0x7fffffffde20) at ../qemu/accel/tcg/cpu-exec.c:457 +#2 0x00007ffff7b3aeac in cpu_loop_exec_tb (cpu=0x7ffff7f71010, tb=0x7fffe849f040 <code_gen_buffer+4845587>, +pc=46912625654024, last_tb=0x7fffffffde30, tb_exit=0x7fffffffde20) at ../qemu/accel/tcg/cpu-exec.c:919 +#3 0x00007ffff7b3b0e0 in cpu_exec_loop (cpu=0x7ffff7f71010, sc=0x7fffffffdeb0) at ../qemu/accel/tcg/cpu-exec.c:1040 +#4 0x00007ffff7b3b19e in cpu_exec_setjmp (cpu=0x7ffff7f71010, sc=0x7fffffffdeb0) +at ../qemu/accel/tcg/cpu-exec.c:1057 +#5 0x00007ffff7b3b225 in cpu_exec (cpu=0x7ffff7f71010) at ../qemu/accel/tcg/cpu-exec.c:1083 +#6 0x00007ffff7a53707 in cpu_loop (env=0x7ffff7f71330) at ../qemu/linux-user/riscv/cpu_loop.c:37 +#7 0x00007ffff7b5d0e0 in main (argc=4, argv=0x7fffffffe768, envp=0x7fffffffe790) at ../qemu/linux-user/main.c:999 +``` + +``` +0x7fffe849f105 <code_gen_buffer+4845784> jl 0x7fffe849f265 <code_gen_buffer+4846136> │ +│ 0x7fffe849f10b <code_gen_buffer+4845790> mov 0x50(%rbp),%rbx │ +│ 0x7fffe849f10f <code_gen_buffer+4845794> mov %rbx,%r12 │ +│ 0x7fffe849f112 <code_gen_buffer+4845797> mov %r12,0x70(%rbp) │ +│ 0x7fffe849f116 <code_gen_buffer+4845801> movabs $0x2aaaaf9bb000,%r13 │ +│ 0x7fffe849f120 <code_gen_buffer+4845811> mov %r13,0x38(%rbp) │ +│ 0x7fffe849f124 <code_gen_buffer+4845815> movq $0xffffffffaf9bb000,0x60(%rbp) │ +│ 0x7fffe849f12c <code_gen_buffer+4845823> mov $0xffffffffaf9bb4e0,%r13 │ +│ > 0x7fffe849f133 <code_gen_buffer+4845830> movzwl 0x0(%r13),%r13d │ +│ 0x7fffe849f138 <code_gen_buffer+4845835> and $0x7f,%ebx │ +│ 0x7fffe849f13b <code_gen_buffer+4845838> shl $0x7,%r13 │ +│ 0x7fffe849f13f <code_gen_buffer+4845842> add %r13,%rbx │ +│ 0x7fffe849f142 <code_gen_buffer+4845845> mov %rbx,0x50(%rbp) │ +│ 0x7fffe849f146 <code_gen_buffer+4845849> shl %rbx │ +│ 0x7fffe849f149 <code_gen_buffer+4845852> mov %rbx,0x38(%rbp) │ +│ 0x7fffe849f14d <code_gen_buffer+4845856> movabs $0x2aaaaf9a88e0,%r13 │ +│ 0x7fffe849f157 <code_gen_buffer+4845866> add %r13,%rbx │ +│ 0x7fffe849f15a <code_gen_buffer+4845869> mov %rbx,0x60(%rbp) +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1908551 b/results/classifier/deepseek-r1:32b/output/runtime/1908551 new file mode 100644 index 000000000..42a66cbf9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1908551 @@ -0,0 +1,57 @@ + + + +aarch64 SVE emulation breaks strnlen and strrchr + +arm optimized-routines have sve string functions with test code. + +the test worked up until recently: with qemu-5.2.0 i see + +$ qemu-aarch64 build/bin/test/strnlen +PASS strnlen +PASS __strnlen_aarch64 +__strnlen_aarch64_sve (0x490fa0, 32) len 32 returned 64, expected 32 +input: "abcdefghijklmnopqrstuvwxyz\{|}~\x7f\x80" +__strnlen_aarch64_sve (0x490fa0, 32) len 33 returned 64, expected 32 +input: "abcdefghijklmnopqrstuvwxyz\{|}~\x7f\x80a" +__strnlen_aarch64_sve (0x490fa0, 33) len 33 returned 64, expected 33 +input: "abcdefghijklmnopqrstuvwxyz\{|}~\x7f\x80a" +__strnlen_aarch64_sve (0x490fa0, 32) len 34 returned 64, expected 32 +input: "abcdefghijklmnopqrstuvwxyz\{|}~\x7f\x80ab" +__strnlen_aarch64_sve (0x490fa0, 33) len 34 returned 64, expected 33 +input: "abcdefghijklmnopqrstuvwxyz\{|}~\x7f\x80ab" +__strnlen_aarch64_sve (0x490fa0, 34) len 34 returned 64, expected 34 +input: "abcdefghijklmnopqrstuvwxyz\{|}~\x7f\x80ab" +__strnlen_aarch64_sve (0x490fa0, 32) len 35 returned 64, expected 32 +input: "abcdefghijklmnopqrstuvwxyz\{|}~\x7f\x80a\x00c" +__strnlen_aarch64_sve (0x490fa0, 33) len 35 returned 64, expected 33 +input: "abcdefghijklmnopqrstuvwxyz\{|}~\x7f\x80ab\x00" +__strnlen_aarch64_sve (0x490fa0, 34) len 35 returned 64, expected 34 +input: "abcdefghijklmnopqrstuvwxyz\{|}~\x7f\x80abc" +__strnlen_aarch64_sve (0x490fa0, 35) len 35 returned 64, expected 35 +input: "abcdefghijklmnopqrstuvwxyz\{|}~\x7f\x80abc" +FAIL __strnlen_aarch64_sve + +however the test passes with + +qemu-aarch64 -cpu max,sve-max-vq=2 + +there should be nothing vector length specific in the code. + +i haven't debugged it further, to reproduce the issue clone +https://github.com/ARM-software/optimized-routines + +and run 'make build/bin/test/strnlen' with a config.mk like + +SUBS = string +ARCH = aarch64 +CROSS_COMPILE = aarch64-none-linux-gnu- +CC = $(CROSS_COMPILE)gcc +CFLAGS = -std=c99 -pipe -O3 +CFLAGS += -march=armv8.2-a+sve +EMULATOR = qemu-aarch64 + +(native compilation works too, and you can run 'make check' to +run all string tests) this will build a static linked executable +into build/bin/test. if you want a smaller test case edit +string/test/strnlen.c \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1909921 b/results/classifier/deepseek-r1:32b/output/runtime/1909921 new file mode 100644 index 000000000..ed041b772 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1909921 @@ -0,0 +1,25 @@ + + + + Raspberry Pi 4 qemu:handle_cpu_signal received signal outside vCPU context @ pc=0xffff87709b0e + +Hello, + +I have a Raspberry Pi 4 with an ESXi hypervisor installed on it (ESXi ARM Edition). +I created a CentOS 7 VM on it and I'm using a Docker container which is running qemu inside it. + +This container is a Debian Bullseye OS and I'm using qemu-i386 to start my application inside it. +The error given by qemu is the following : + +qemu:handle_cpu_signal received signal outside vCPU context @ pc=0xffff9d5f9b0e +qemu:handle_cpu_signal received signal outside vCPU context @ pc=0xffff82f29b0e + +(The pc= value is always different, I guess it is randomly generated). + +My qemu version is : qemu-i386 version 5.1.0 (Debian 1:5.1+dfsg-4+b1) + +Could you please help me? Why am I facing this error? + +Feel free to ask any questions regarding this matter in order to find a solution to it! + +Regards \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1910 b/results/classifier/deepseek-r1:32b/output/runtime/1910 new file mode 100644 index 000000000..cd18fcd56 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1910 @@ -0,0 +1,65 @@ + + + +Signal handlers in x86_64 userspace have wrongly aligned stack +Description of problem: +Various applications crash in signal handlers due to `movaps` getting a misaligned stack address. For some reason this is reported as a NULL deref, but `gdb` clearly shows the true cause. + +```plaintext +> qemu-x86_64 /usr/bin/ruby -e '`true`' +-e:1: [BUG] Segmentation fault at 0x0000000000000000 +ruby 3.2.2 (2023-03-30 revision e51014f9c0) [x86_64-linux-gnu] + +-- Control frame information ----------------------------------------------- +c:0003 p:---- s:0011 e:000010 CFUNC :` +c:0002 p:0005 s:0006 e:000005 EVAL -e:1 [FINISH] +c:0001 p:0000 s:0003 E:0015b0 DUMMY [FINISH] + +-- Ruby level backtrace information ---------------------------------------- +-e:1:in `<main>' +-e:1:in ``' + +-- Machine register context ------------------------------------------------ + RIP: 0x00002aaaab50f98a RBP: 0x00002aaaabb136b8 RSP: 0x00002aaaab2a9c98 + RAX: 0x0000000000000000 RBX: 0x0000000000004946 RCX: 0x0000000000000000 + RDX: 0x00002aaaab2a9c98 RDI: 0x000000000caf0000 RSI: 0x0000000000000000 + R8: 0x00002aaaab2aaa50 R9: 0x0000000000000050 R10: 0x0000000000000008 + R11: 0x0000000000000000 R12: 0x0000000000000002 R13: 0x0000000000007310 + R14: 0x0000000000005e10 R15: 0x00002aaab0537f20 EFL: 0x0000000000000246 + +-- C level backtrace information ------------------------------------------- +``` + +```plaintext +(gdb) x/i $pc +=> 0x2aaaab50f98a: movaps %xmm0,(%rsp) +(gdb) p/x $rsp +$3 = 0x2aaaab2a9998 +``` +Steps to reproduce: +1. ```qemu-x86_64 /usr/bin/ruby -e '`true`'``` +Additional information: +The x86_64 psABI says: + +> the value (%rsp − 8) is always a multiple of 16 when control is transferred to the function entry point. + +However, when QEMU jumps to the signal handler, $rsp is aligned to 16B, i.e. ends in `0x..0`. + +The relevant kernel code: + +https://elixir.bootlin.com/linux/v6.5.5/source/arch/x86/kernel/signal.c#L123 + +```plaintext + sp -= frame_size; + + if (ia32_frame) + /* + * Align the stack pointer according to the i386 ABI, + * i.e. so that on function entry ((sp + 4) & 15) == 0. + */ + sp = ((sp + 4) & -FRAME_ALIGNMENT) - 4; + else + sp = round_down(sp, FRAME_ALIGNMENT) - 8; +``` + +CC @lvivier @bonzini @rth7680 diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1913 b/results/classifier/deepseek-r1:32b/output/runtime/1913 new file mode 100644 index 000000000..155199be1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1913 @@ -0,0 +1,22 @@ + + + +Regression in 8.1.1: qemu-aarch64-static running ldconfig +Description of problem: +Since updating to 8.1.1, qemu crashes when running ldconfig in my sysroot (It's a more or less default Ubuntu 22.04 arm64 rootfs) +Steps to reproduce: +1. Download the arm64 ubuntu base from https://cdimage.ubuntu.com/ubuntu-base/releases/jammy/release/ +2. Extract it +3. Run `qemu-aarch64-static rootfs/sbin/ldconfig.real -r rootfs` where `rootfs` is where you extracted it with qemu 8.1.1 + +```bash +$ qemu-aarch64-static --version +qemu-aarch64 version 8.1.0 +$ qemu-aarch64-static rootfs/sbin/ldconfig.real -r rootfs +<works> +$ sudo pacman -U /var/cache/pacman/pkg/qemu-user-static*-8.1.1*.zst +$ qemu-aarch64-static --version +qemu-aarch64 version 8.1.1 +$ qemu-aarch64-static rootfs/sbin/ldconfig.real -r rootfs +<segfault> +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1914870 b/results/classifier/deepseek-r1:32b/output/runtime/1914870 new file mode 100644 index 000000000..9a7c055ba --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1914870 @@ -0,0 +1,60 @@ + + + +libvixl compilation failure on Debian unstable + +As of commit 0e324626306: + +$ lsb_release -d +Description: Debian GNU/Linux bullseye/sid + +Project version: 5.2.50 +C compiler for the host machine: cc (gcc 10.2.1 "cc (Debian 10.2.1-6) 10.2.1 20210110") +C linker for the host machine: cc ld.bfd 2.35.1 +C++ compiler for the host machine: c++ (gcc 10.2.1 "c++ (Debian 10.2.1-6) 10.2.1 20210110") +C++ linker for the host machine: c++ ld.bfd 2.35.1 + +[6/79] Compiling C++ object libcommon.fa.p/disas_libvixl_vixl_utils.cc.o +FAILED: libcommon.fa.p/disas_libvixl_vixl_utils.cc.o +c++ -Ilibcommon.fa.p -I. -I.. -Iqapi -Itrace -Iui/shader -I/usr/include/capstone -I/usr/include/glib-2.0 -I/usr/lib/hppa-linux-gnu/glib-2.0/include -fdiagnostics-color=auto -pipe -Wall -Winvalid-pch -Wnon-virtual-dtor -Werror -std=gnu++11 -O2 -g -isystem /home/philmd/qemu/linux-headers -isystem linux-headers -iquote . -iquote /home/philmd/qemu -iquote /home/philmd/qemu/include -iquote /home/philmd/qemu/disas/libvixl -iquote /home/philmd/qemu/tcg/hppa -iquote /home/philmd/qemu/accel/tcg -pthread -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -Wundef -Wwrite-strings -fno-strict-aliasing -fno-common -fwrapv -Wtype-limits -Wformat-security -Wformat-y2k -Winit-self -Wignored-qualifiers -Wempty-body -Wendif-labels -Wexpansion-to-defined -Wimplicit-fallthrough=2 -Wno-missing-include-dirs -Wno-shift-negative-value -Wno-psabi -fPIE -MD -MQ libcommon.fa.p/disas_libvixl_vixl_utils.cc.o -MF libcommon.fa.p/disas_libvixl_vixl_utils.cc.o.d -o libcommon.fa.p/disas_libvixl_vixl_utils.cc.o -c ../disas/libvixl/vixl/utils.cc +In file included from /home/philmd/qemu/disas/libvixl/vixl/utils.h:30, + from ../disas/libvixl/vixl/utils.cc:27: +/usr/include/string.h:36:43: error: missing binary operator before token "(" + 36 | #if defined __cplusplus && (__GNUC_PREREQ (4, 4) \ + | ^ +/usr/include/string.h:53:62: error: missing binary operator before token "(" + 53 | #if defined __USE_MISC || defined __USE_XOPEN || __GLIBC_USE (ISOC2X) + | ^ +/usr/include/string.h:165:21: error: missing binary operator before token "(" + 165 | || __GLIBC_USE (LIB_EXT2) || __GLIBC_USE (ISOC2X)) + | ^ +/usr/include/string.h:174:43: error: missing binary operator before token "(" + 174 | #if defined __USE_XOPEN2K8 || __GLIBC_USE (LIB_EXT2) || __GLIBC_USE (ISOC2X) + | ^ +/usr/include/string.h:492:19: error: missing binary operator before token "(" + 492 | #if __GNUC_PREREQ (3,4) + | ^ +In file included from /home/philmd/qemu/disas/libvixl/vixl/utils.h:30, + from ../disas/libvixl/vixl/utils.cc:27: +/usr/include/string.h:28:1: error: ‘__BEGIN_DECLS’ does not name a type + 28 | __BEGIN_DECLS + | ^~~~~~~~~~~~~ +In file included from /home/philmd/qemu/disas/libvixl/vixl/utils.h:30, + from ../disas/libvixl/vixl/utils.cc:27: +/usr/include/string.h:44:8: error: ‘size_t’ has not been declared + 44 | size_t __n) __THROW __nonnull ((1, 2)); + | ^~~~~~ +/usr/include/string.h:44:20: error: expected initializer before ‘__THROW’ + 44 | size_t __n) __THROW __nonnull ((1, 2)); + | ^~~~~~~ +/usr/include/string.h:47:56: error: ‘size_t’ has not been declared + 47 | extern void *memmove (void *__dest, const void *__src, size_t __n) + | ^~~~~~ +/usr/include/string.h:48:6: error: expected initializer before ‘__THROW’ + 48 | __THROW __nonnull ((1, 2)); + | ^~~~~~~ +/usr/include/string.h:61:42: error: ‘size_t’ has not been declared + 61 | extern void *memset (void *__s, int __c, size_t __n) __THROW __nonnull ((1)); + | ^~~~~~ + +Is there a package dependency missing? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1915531 b/results/classifier/deepseek-r1:32b/output/runtime/1915531 new file mode 100644 index 000000000..dc0a16e53 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1915531 @@ -0,0 +1,57 @@ + + + +qemu-user child process hangs when forking due to glib allocation + +I and others have recently been using qemu-user for RISCV64 extensively. We have had many hangs. We have found that hangs happen in process with multiple threads and forking. For example +`cargo` (a tool for the Rust compiler). + +It does not matter if there are a lot of calls to fork. What seems to matter most is that there are many threads running. So this happens more often on a CPU with a massive number of cores, and if nothing else is really running. The hang happens in the child process of the fork. + +To reproduce the problem, I have attached an example of C++ program to run through qemu-user. + +Here are the stacks of the child processes that hanged. This is for qemu c973f06521b07af0f82893b75a1d55562fffb4b5 with glib 2.66.4 + +------- +Thread 1: +#0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 +#1 0x00007f54e190c77c in g_mutex_lock_slowpath (mutex=mutex@entry=0x7f54e1dc7600 <allocator+96>) at ../glib/gthread-posix.c:1462 +#2 0x00007f54e190d222 in g_mutex_lock (mutex=mutex@entry=0x7f54e1dc7600 <allocator+96>) at ../glib/gthread-posix.c:1486 +#3 0x00007f54e18e39f2 in magazine_cache_pop_magazine (countp=0x7f54280e6638, ix=2) at ../glib/gslice.c:769 +#4 thread_memory_magazine1_reload (ix=2, tmem=0x7f54280e6600) at ../glib/gslice.c:845 +#5 g_slice_alloc (mem_size=mem_size@entry=40) at ../glib/gslice.c:1058 +#6 0x00007f54e18f06fa in g_tree_node_new (value=0x7f54d4066540 <code_gen_buffer+419091>, key=0x7f54d4066560 <code_gen_buffer+419123>) at ../glib/gtree.c:517 +#7 g_tree_insert_internal (tree=0x555556aed800, key=0x7f54d4066560 <code_gen_buffer+419123>, value=0x7f54d4066540 <code_gen_buffer+419091>, replace=0) at ../glib/gtree.c:517 +#8 0x00007f54e186b755 in tcg_tb_insert (tb=0x7f54d4066540 <code_gen_buffer+419091>) at ../tcg/tcg.c:534 +#9 0x00007f54e1820545 in tb_gen_code (cpu=0x7f54980b4b60, pc=274906407438, cs_base=0, flags=24832, cflags=-16252928) at ../accel/tcg/translate-all.c:2118 +#10 0x00007f54e18034a5 in tb_find (cpu=0x7f54980b4b60, last_tb=0x7f54d4066440 <code_gen_buffer+418835>, tb_exit=0, cf_mask=524288) at ../accel/tcg/cpu-exec.c:462 +#11 0x00007f54e1803bd9 in cpu_exec (cpu=0x7f54980b4b60) at ../accel/tcg/cpu-exec.c:818 +#12 0x00007f54e1735a4c in cpu_loop (env=0x7f54980bce40) at ../linux-user/riscv/cpu_loop.c:37 +#13 0x00007f54e1844b22 in clone_func (arg=0x7f5402f3b080) at ../linux-user/syscall.c:6422 +#14 0x00007f54e191950a in start_thread (arg=<optimized out>) at pthread_create.c:477 +#15 0x00007f54e19a52a3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 + +Thread 2: +#1 0x00007f54e18a8d6e in qemu_futex_wait (f=0x7f54e1dc7038 <rcu_call_ready_event>, val=4294967295) at /var/home/valentin/repos/qemu/include/qemu/futex.h:29 +#2 0x00007f54e18a8f32 in qemu_event_wait (ev=0x7f54e1dc7038 <rcu_call_ready_event>) at ../util/qemu-thread-posix.c:460 +#3 0x00007f54e18c0196 in call_rcu_thread (opaque=0x0) at ../util/rcu.c:258 +#4 0x00007f54e18a90eb in qemu_thread_start (args=0x7f5428244930) at ../util/qemu-thread-posix.c:521 +#5 0x00007f54e191950a in start_thread (arg=<optimized out>) at pthread_create.c:477 +#6 0x00007f54e19a52a3 in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95 +------- + +Thread 1 seems to be the really hanged process. + +The problem is that glib is used in many places. Allocations are done through g_slice. g_slice has a global state that is not fork safe. + +So even though the cpu thread is set to exclusive before forking, it is not enough. Because there are other uses of glib data structures that are not part of the cpu loop (I think). So it seems not to be synchronized by `start_exclusive`, `end_exclusive`. + +So if one of the use of glib data structure is used during the fork, an allocation might lock a mutex in g_slice. + +When the cpu loop resumes in forked process, then the use of any glib data structure might just hang on a locked mutex in g_slice. + +So as a work-around we have starting using is setting environment `G_SLICE=always-malloc`. This resolves the hangs. + +I have opened an issue upstream: https://gitlab.gnome.org/GNOME/glib/-/issues/2326 + +As fork documentation says, the child should be async-signal-safe. However, glibc's malloc is safe in fork child even though it is not async-signal-safe. So it is not that obvious where the responsability is. Should glib handle this case like malloc does? Or should qemu not use glib in the fork child? \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1915925 b/results/classifier/deepseek-r1:32b/output/runtime/1915925 new file mode 100644 index 000000000..dd9f8600c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1915925 @@ -0,0 +1,20 @@ + + + +ARM semihosting HEAPINFO results wrote to wrong address + +This affects latest development branch of QEMU. + +According to the ARM spec of the HEAPINFO semihosting call: + +https://developer.arm.com/documentation/100863/0300/Semihosting-operations/SYS-HEAPINFO--0x16-?lang=en + +> the PARAMETER REGISTER contains the address of a pointer to a four-field data block. + +However, QEMU treated the PARAMETER REGISTER as pointing to a four-field data block directly. + +Here is a simple program that can demonstrate this problem: https://github.com/iNvEr7/qemu-learn/tree/newlib-bug/semihosting-newlib + +This code links with newlib with semihosting mode, which will call the HEAPINFO SVC during crt0 routine. When running in QEMU (make run), it may crash the program either because of invalid write or memory curruption, depending on the compiled program structure. + +Also refer to my discussion with newlib folks: https://sourceware.org/pipermail/newlib/2021/018260.html \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1916344 b/results/classifier/deepseek-r1:32b/output/runtime/1916344 new file mode 100644 index 000000000..5d13405ec --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1916344 @@ -0,0 +1,27 @@ + + + +User mode networking not working properly on QEMU on Mac OS X host + +Steps to reproduce: + +1. Install QEMU using homebrew on Mac OS X (I used Big Sur) +2. Spin up a guest VM (say) Cent OS8 using user mode networking. +3. Install podman inside the guest +4. Run podman pull alpine + +The result is: + +[root@localhost ~]# podman pull alpine +Resolved "alpine" as an alias (/etc/containers/registries.conf.d/shortnames.conf) +Trying to pull docker.io/library/alpine:latest... +Getting image source signatures +Copying blob ba3557a56b15 [======================================] 2.7MiB / 2.7MiB + unexpected EOF +Error: Error writing blob: error storing blob to file "/var/tmp/storage851171596/1": error happened during read: unexpected EOF + +This is happening because QEMU is telling the guest that the TCP connection is closed even before reading all the data from the host socket and forwarding it to the guest. + +This issue doesn't happen on a Linux host. So, that tells me that this has something to do with QEMU installation on Mac OS X. + +This could be a slirp related issue. So, QEMU/slirp may need to work together on fixing this. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1917184 b/results/classifier/deepseek-r1:32b/output/runtime/1917184 new file mode 100644 index 000000000..f7314da81 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1917184 @@ -0,0 +1,8 @@ + + + +qemu-user vm86() segfaults handling interrupt with ss:sp in same page as cs:ip + +When using qemu-i386 to run a program that uses vm86(), if the vm86 code calls an interrupt while cs:ip and ss:sp both point within the same page, do_int tries to write to the page while it is not writable, causing a segfault. + +qemu version 5.2.0, x86-64 host. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1918026 b/results/classifier/deepseek-r1:32b/output/runtime/1918026 new file mode 100644 index 000000000..17a762155 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1918026 @@ -0,0 +1,32 @@ + + + +RISCV64 32-bit AMOs incorrectly simulated + +Version: qemu-riscv64 version 4.2.1 (Debian 1:4.2-3ubuntu6.14) + +test: + amomaxu.w a0, a1, (a0) + ret + +int32_t* value = -7; +EXPECT_EQ(-7, test(&value, -11)); +EXPECT_EQ(-7, value); // FAIL, saw -11 +EXPECT_EQ(-7, test(&value, -7)); +EXPECT_EQ(-7, value); // FAIL, raw -11 +EXPECT_EQ(-7, test(&value, -4)); +EXPECT_EQ(-4, value); + +test: + amomax.w a0, a1, (a0) + ret + +int32_t* value = -7; +EXPECT_EQ(-7, test(&value, -11)); +EXPECT_EQ(-7, value); +EXPECT_EQ(-7, test(&value, -7)); +EXPECT_EQ(-7, value); +EXPECT_EQ(-7, test(&value, -4)); +EXPECT_EQ(-4, value); // FAIL, saw -7 + +I suspect that trans_amo<op>_w should be using tcg_gen_atomic_fetch_<op>_i32 instead of tcg_gen_atomic_fetch_<op>_tl. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1926044 b/results/classifier/deepseek-r1:32b/output/runtime/1926044 new file mode 100644 index 000000000..c1dcc0401 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1926044 @@ -0,0 +1,33 @@ + + + +QEMU-user doesn't report HWCAP2_MTE + +Reproducible on ffa090bc56e73e287a63261e70ac02c0970be61a + +Host Debian 5.10.24 x86_64 GNU + +Configured with "configure --disable-system --enable-linux-user --static" + +This one works and prints "OK" as expected: +clang tests/tcg/aarch64/mte-3.c -target aarch64-linux-gnu -fsanitize=memtag -march=armv8+memtag +qemu-aarch64 --cpu max -L /usr/aarch64-linux-gnu ./a.out && echo OK + + +This one fails and print "0": +cat mytest.c +#include <stdio.h> +#include <sys/auxv.h> + +#ifndef HWCAP2_MTE +#define HWCAP2_MTE (1 << 18) +#endif + +int main(int ac, char **av) +{ + printf("%d\n", (int)(getauxval(AT_HWCAP2) & HWCAP2_MTE)); +} + + +clang mytest.c -target aarch64-linux-gnu -fsanitize=memtag -march=armv8+memtag +qemu-aarch64 --cpu max -L /usr/aarch64-linux-gnu ./a.out \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1926202 b/results/classifier/deepseek-r1:32b/output/runtime/1926202 new file mode 100644 index 000000000..8a2a96e8b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1926202 @@ -0,0 +1,21 @@ + + + +qemu-user can't run some ppc binaries + +qemu-user v6.0.0-rc5, built in static mode, will crash for certain ppc binaries. It seems to have something to do with glibc for some Centos versions. The problem is easiest to see with statically-linked binaries. + +The attached Dockerfile shows how to produce a ppc binary that will crash qemu-user. Here is how to reproduce the problem: + +$ uname -m +x86_64 +$ docker run --rm --privileged multiarch/qemu-user-static --reset -p yes +$ docker build -t qemu-bug:centos -f Dockerfile.centos . +$ docker run --rm -it -v$PWD:$PWD -w$PWD qemu-bug:centos cp /helloworld-centos.static.ppc . +$ qemu-ppc version 5.2.95 (v6.0.0-rc5) +Copyright (c) 2003-2021 Fabrice Bellard and the QEMU Project developers +$ qemu-ppc-static ./helloworld-centos.static.ppc +emu: uncaught target signal 4 (Illegal instruction) - core dumped +[1] 16678 illegal hardware instruction (core dumped) qemu-ppc-static ./helloworld-centos.static.ppc + +I can also provide the binary if necessary. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1926246 b/results/classifier/deepseek-r1:32b/output/runtime/1926246 new file mode 100644 index 000000000..d4b24928f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1926246 @@ -0,0 +1,53 @@ + + + +chrome based apps can not be run under qemu user mode + +chrome uses /proc/self/exe to fork render process. +Here a simple code to reproduce the issue. It's output parent then child but failed with qemu: unknown option 'type=renderer'. + +Maybe we can modify exec syscall to replace /proc/self/exe to the real path. + +//gcc -o self self.c +#include <stdio.h> +#include <sys/types.h> +#include <unistd.h> +int main(int argc, char** argv) { + if(argc==1){ + printf ("parent\n"); + if ( fork() == 0 ) + { + return execl("/proc/self/exe","/proc/self/exe", "--type=renderer",NULL); + } + } else { + printf ("child\n"); + } + return 0; +} + +similar reports: +https://github.com/AppImage/AppImageKit/issues/965 +https://github.com/golang/go/issues/42080 + +Workardound: +compile chrome or your chrome based app with a patch to content/common/child_process_host_impl.cc:GetChildPath, get the realpath of /proc/self/exe: + +diff --git a/content/common/child_process_host_impl.cc b/content/common/child_process_host_impl.cc +index bc78aba80ac8..9fab74d3bae8 100644 +--- a/content/common/child_process_host_impl.cc ++++ b/content/common/child_process_host_impl.cc +@@ -60,8 +60,12 @@ base::FilePath ChildProcessHost::GetChildPath(int flags) { + #if defined(OS_LINUX) + // Use /proc/self/exe rather than our known binary path so updates + // can't swap out the binary from underneath us. +- if (child_path.empty() && flags & CHILD_ALLOW_SELF) +- child_path = base::FilePath(base::kProcSelfExe); ++ if (child_path.empty() && flags & CHILD_ALLOW_SELF) { ++ if (!ReadSymbolicLink(base::FilePath(base::kProcSelfExe), &child_path)) { ++ NOTREACHED() << "Unable to resolve " << base::kProcSelfExe << "."; ++ child_path = base::FilePath(base::kProcSelfExe); ++ } ++ } + #endif + + // On most platforms, the child executable is the same as the current \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1927530 b/results/classifier/deepseek-r1:32b/output/runtime/1927530 new file mode 100644 index 000000000..605bf2ed4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1927530 @@ -0,0 +1,42 @@ + + + +qemu-aarch64 MTE fails to report tag mismatch + +Hi, + +While running the GCC testsuite with qemu-6.0 as simulator, I noticed several errors in the hwasan testsuite (output pattern tests). + +I am attaching: +bitfield-2.exe +ld-linux-aarch64.so.1 +libc.so.6 +libdl.so.2 +libhwasan.so.0 +libm.so.6 +libpthread.so.0 +librt.so.1 + +The testcase can be executed via: +qemu-aarch64 -L . bitfield-2.exe + +it currently generates: +HWAddressSanitizer:DEADLYSIGNAL +==21137==ERROR: HWAddressSanitizer: SEGV on unknown address 0x0000000000f0 (pc 0x00550084e318 bp 0x005f01650d00 sp 0x005f01650d00 T21137) +==21137==The signal is caused by a UNKNOWN memory access. +==21137==Hint: address points to the zero page. + #0 0x550084e318 in GetAccessInfo /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/libsanitizer/hwasan/hwasan_linux.cpp:339 + #1 0x550084e318 in HwasanOnSIGTRAP /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/libsanitizer/hwasan/hwasan_linux.cpp:401 + #2 0x550084e318 in __hwasan::HwasanOnDeadlySignal(int, void*, void*) /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/libsanitizer/hwasan/hwasan_linux.cpp:426 + #3 0x5f01651fec (<unknown module>) + #4 0x550084b508 in __hwasan_load2 /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/libsanitizer/hwasan/hwasan.cpp:379 + #5 0x400768 in f /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/gcc/testsuite/c-c++-common/hwasan/bitfield-2.c:17 + #6 0x4007d0 in main /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/gcc/testsuite/c-c++-common/hwasan/bitfield-2.c:24 + #7 0x550124cee0 in __libc_start_main ../csu/libc-start.c:308 + #8 0x400688 (/home/christophe.lyon/qemu-bug-hwasan-aarch64/bitfield-2.exe+0x400688) + +HWAddressSanitizer can not provide additional info. +SUMMARY: HWAddressSanitizer: SEGV /home/christophe.lyon/src/GCC/sources/gcc-fsf-git/trunk/libsanitizer/hwasan/hwasan_linux.cpp:339 in GetAccessInfo +==21146==ABORTING + +while the testcase expects HWAddressSanitizer: tag-mismatch on address 0x..... \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1930 b/results/classifier/deepseek-r1:32b/output/runtime/1930 new file mode 100644 index 000000000..65a18ca72 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1930 @@ -0,0 +1,49 @@ + + + +qemu-aarch64 results in segmentation fault while running a test binary compiled for QNX +Description of problem: +We have cross compiled a simple hello world program for QNX SDP 7.1.0 on Ubuntu Focal x86_64. Running the binary using qemu-aarch64 results in segmentation fault error. + +``` + $ qemu-aarch64 -L /home/vsts/qnx710/target/qnx7/aarch64le ./hello-world + qemu: uncaught target signal 11 (Segmentation fault) - core dumped + Segmentation fault (core dumped) +``` + +We also tried Ubuntu Jammy which has qemu-aarch64 v6.2.0 but got the same error. +Can you tell us how we can emulate the binary using QEMU emulator that is built for QNX on x86_64 platform? Any help would be much appreciated. +Steps to reproduce: +1. Download QNX SDP from QNX software center https://www.qnx.com/download/group.html?programid=29178. +2. Write a simple hello world program. + +``` + #include <stdio.h> + + int main(void) { + return printf("Hello World!"); + } +``` + +3. Source QNX SDP to set some environment variables. + + `$ source ./qnx710/qnxsdp-env.sh` + +4. Compile using the QNX compiler. + + `$ qcc -Vgcc_ntoaarch64le -o hello-world hello-world.c` + +5. Running the binary as it is results to: + +``` + $ ./hello-world + aarch64-binfmt-P: Could not open '/usr/lib/ldqnx-64.so.2': No such file or directory +``` + +5. Running using QEMU emulator results to segmentation fault. + +``` + $ qemu-aarch64 -L /home/vsts/qnx710/target/qnx7/aarch64le ./hello-world + qemu: uncaught target signal 11 (Segmentation fault) - core dumped + Segmentation fault (core dumped) +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1936977 b/results/classifier/deepseek-r1:32b/output/runtime/1936977 new file mode 100644 index 000000000..50182117e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1936977 @@ -0,0 +1,10 @@ + + + + qemu-arm-static crashes "segmentation fault" when running "git clone" + +This is a reopen of #1869073 for `qemu-user-static/focal-updates,focal-security,now 1:4.2-3ubuntu6.17 amd64`. + +`git clone` reproducably segfaults in `qemu-arm-static` chroot. + +#1869073 mentions this should have been fixed for newer versions of QEMU, but for `focal` there's no newer version available, even in `focal-backports`. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1941 b/results/classifier/deepseek-r1:32b/output/runtime/1941 new file mode 100644 index 000000000..4624fd6d6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1941 @@ -0,0 +1,105 @@ + + + +ppc64: VSX vector float to integer conversion instructions do not always return expected results on QEMU 8.0.4 if source vector has NaN values +Description of problem: +The problem is that the VSX xvcvspsxws/xvcvdpsxws/xvcvspsxds/xvcvdpsxds/xvcvspuxws/xvcvdpuxds/xvcvspuxds/xvcvdpuxws instructions incorrectly convert the preceding non-NaN source values to the NaN to integer result instead of the expected non-NaN to integer conversion result with qemu-ppc64le 8.0.4. + +Here are the results of the VSX operations whose results differ from the expected results with QEMU 8.0.4 (generated by running the vsx_f2i_nan_test_program_101423 test program with qemu-ppc64le 8.0.4): +``` +xvcvspsxds ({1, 2, 3, nan}) = {-9223372036854775808, -9223372036854775808} +xvcvspsxds ({nan, 2, 3, nan}) = {-9223372036854775808, -9223372036854775808} +xvcvspsxds ({1, 2, nan, nan}) = {-9223372036854775808, -9223372036854775808} +xvcvspsxds ({nan, 2, nan, nan}) = {-9223372036854775808, -9223372036854775808} + +xvcvspsxws ({1, nan, 3, 4}) = {-2147483648, -2147483648, 3, 4} +xvcvspsxws ({1, 2, nan, 4}) = {-2147483648, -2147483648, -2147483648, 4} +xvcvspsxws ({nan, 2, nan, 4}) = {-2147483648, -2147483648, -2147483648, 4} +xvcvspsxws ({1, nan, nan, 4}) = {-2147483648, -2147483648, -2147483648, 4} +xvcvspsxws ({1, 2, 3, nan}) = {-2147483648, -2147483648, -2147483648, -2147483648} +xvcvspsxws ({nan, 2, 3, nan}) = {-2147483648, -2147483648, -2147483648, -2147483648} +xvcvspsxws ({1, nan, 3, nan}) = {-2147483648, -2147483648, -2147483648, -2147483648} +xvcvspsxws ({nan, nan, 3, nan}) = {-2147483648, -2147483648, -2147483648, -2147483648} +xvcvspsxws ({1, 2, nan, nan}) = {-2147483648, -2147483648, -2147483648, -2147483648} +xvcvspsxws ({nan, 2, nan, nan}) = {-2147483648, -2147483648, -2147483648, -2147483648} +xvcvspsxws ({1, nan, nan, nan}) = {-2147483648, -2147483648, -2147483648, -2147483648} + +xvcvspuxds ({1, 2, 3, nan}) = {0, 0} +xvcvspuxds ({nan, 2, 3, nan}) = {0, 0} +xvcvspuxds ({1, 2, nan, nan}) = {0, 0} +xvcvspuxds ({nan, 2, nan, nan}) = {0, 0} + +xvcvspuxws ({1, nan, 3, 4}) = {0, 0, 3, 4} +xvcvspuxws ({1, 2, nan, 4}) = {0, 0, 0, 4} +xvcvspuxws ({nan, 2, nan, 4}) = {0, 0, 0, 4} +xvcvspuxws ({1, nan, nan, 4}) = {0, 0, 0, 4} +xvcvspuxws ({1, 2, 3, nan}) = {0, 0, 0, 0} +xvcvspuxws ({nan, 2, 3, nan}) = {0, 0, 0, 0} +xvcvspuxws ({1, nan, 3, nan}) = {0, 0, 0, 0} +xvcvspuxws ({nan, nan, 3, nan}) = {0, 0, 0, 0} +xvcvspuxws ({1, 2, nan, nan}) = {0, 0, 0, 0} +xvcvspuxws ({nan, 2, nan, nan}) = {0, 0, 0, 0} +xvcvspuxws ({1, nan, nan, nan}) = {0, 0, 0, 0} + +xvcvdpsxws ({1, nan}) = {-2147483648, -2147483648, -2147483648, -2147483648} + +xvcvdpuxws ({1, nan}) = {0, 0, 0, 0} + +xvcvdpsxds ({1, nan}) = {-9223372036854775808, -9223372036854775808} + +xvcvdpuxds ({1, nan}) = {0, 0} +``` + +Here are the results of the same VSX conversion operations with QEMU 6.2.0 (generated by running the vsx_f2i_nan_test_program_101423 test program with qemu-ppc64le 6.2.0): +``` +xvcvspsxds ({1, 2, 3, nan}) = {2, -9223372036854775808} +xvcvspsxds ({nan, 2, 3, nan}) = {2, -9223372036854775808} +xvcvspsxds ({1, 2, nan, nan}) = {2, -9223372036854775808} +xvcvspsxds ({nan, 2, nan, nan}) = {2, -9223372036854775808} + +xvcvspsxws ({1, nan, 3, 4}) = {1, -2147483648, 3, 4} +xvcvspsxws ({1, 2, nan, 4}) = {1, 2, -2147483648, 4} +xvcvspsxws ({nan, 2, nan, 4}) = {-2147483648, 2, -2147483648, 4} +xvcvspsxws ({1, nan, nan, 4}) = {1, -2147483648, -2147483648, 4} +xvcvspsxws ({1, 2, 3, nan}) = {1, 2, 3, -2147483648} +xvcvspsxws ({nan, 2, 3, nan}) = {-2147483648, 2, 3, -2147483648} +xvcvspsxws ({1, nan, 3, nan}) = {1, -2147483648, 3, -2147483648} +xvcvspsxws ({nan, nan, 3, nan}) = {-2147483648, -2147483648, 3, -2147483648} +xvcvspsxws ({1, 2, nan, nan}) = {1, 2, -2147483648, -2147483648} +xvcvspsxws ({nan, 2, nan, nan}) = {-2147483648, 2, -2147483648, -2147483648} +xvcvspsxws ({1, nan, nan, nan}) = {1, -2147483648, -2147483648, -2147483648} + +xvcvspuxds ({1, 2, 3, nan}) = {2, 0} +xvcvspuxds ({nan, 2, 3, nan}) = {2, 0} +xvcvspuxds ({1, 2, nan, nan}) = {2, 0} +xvcvspuxds ({nan, 2, nan, nan}) = {2, 0} + +xvcvspuxws ({1, nan, 3, 4}) = {1, 0, 3, 4} +xvcvspuxws ({1, 2, nan, 4}) = {1, 2, 0, 4} +xvcvspuxws ({nan, 2, nan, 4}) = {0, 2, 0, 4} +xvcvspuxws ({1, nan, nan, 4}) = {1, 0, 0, 4} +xvcvspuxws ({1, 2, 3, nan}) = {1, 2, 3, 0} +xvcvspuxws ({nan, 2, 3, nan}) = {0, 2, 3, 0} +xvcvspuxws ({1, nan, 3, nan}) = {1, 0, 3, 0} +xvcvspuxws ({nan, nan, 3, nan}) = {0, 0, 3, 0} +xvcvspuxws ({1, 2, nan, nan}) = {1, 2, 0, 0} +xvcvspuxws ({nan, 2, nan, nan}) = {0, 2, 0, 0} +xvcvspuxws ({1, nan, nan, nan}) = {1, 0, 0, 0} + +xvcvdpsxws ({1, nan}) = {0, 1, 0, -2147483648} + +xvcvdpuxws ({1, nan}) = {0, 1, 0, 0} + +xvcvdpsxds ({1, nan}) = {1, -9223372036854775808} + +xvcvdpuxds ({1, nan}) = {1, 0} +``` +Steps to reproduce: +1. Compile the attached vsx_f2i_nan_test_program_101423.cpp with either `powerpc64le-linux-gnu-g++` or `clang --target=powerpc64le-linux-gnu` +2. Run the compiled vsx_f2i_nan_test_program_101423.cpp program using qemu-ppc64le +3. The vsx_f2i_nan_test_program_101423 program will return the results of the xvcvspsxws, xvcvdpsxws, xvcvspsxds, xvcvdpsxds, xvcvspuxws, xvcvdpuxds, xvcvspuxds, or xvcvdpuxws instruction. +Additional information: +Attachments: +- [vsx_f2i_nan_test_program_101423.cpp](/uploads/749395aee2da1dcc86790804106d30ea/vsx_f2i_nan_test_program_101423.cpp) +- [vsx_f2i_nan_test_program_101423_qemu_6.2.0_output.txt](/uploads/c883c4d04730a9c5a7e301e5d487ae2b/vsx_f2i_nan_test_program_101423_qemu_6.2.0_output.txt) - output of running vsx_f2i_nan_test_program_101423 with QEMU 6.2.0 +- [vsx_f2i_nan_test_program_101423_qemu_8.0.4_output.txt](/uploads/9451e3419f8a4f3ef2274b2ccc7ef22d/vsx_f2i_nan_test_program_101423_qemu_8.0.4_output.txt) - output of running vsx_f2i_nan_test_program_101423 with QEMU 8.0.4 diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1952 b/results/classifier/deepseek-r1:32b/output/runtime/1952 new file mode 100644 index 000000000..b08e13127 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1952 @@ -0,0 +1,99 @@ + + + +elf-linux-user: segfault caused by invalid loaddr extracted by the ELF loader +Description of problem: +Emulating ELF binaries as emitted by Zig may lead to segfault in QEMU, which typically looks like this + +``` +$ qemu-x86_64 simple +fish: Job 1, 'qemu-x86_64 simple' terminated by signal SIGSEGV (Address boundary error) +``` +Steps to reproduce: +1. Obtain latest Zig nightly +2. Compile simple static C program using Zig's ELF linker: + +``` +$ echo "int main() { return 0 };" > simple.c +$ zig build-exe simple.c -lc -target x86_64-linux-musl -fno-lld --image-base 0x1000000 +$ qemu-x86_64 simple +fish: Job 1, 'qemu-x86_64 simple' terminated by signal SIGSEGV (Address boundary error) +``` +Additional information: +Note that running `simple` directly it's correctly mmaped and executed by the kernel: + +``` +$ ./simple +$ echo $status +0 +``` + +The reason this happens is because of an assumption QEMU's ELF loader makes on the virtual addresses and offsets of `PT_LOAD` segments, namely: + +``` +vaddr2 - vaddr1 >= off2 - off1 +``` + +Typically, to the best of my knowledge, this is conformed to by the linkers in the large, but it is not required at all. Here's a one-line tweak to QEMU's loader that fixes the segfault: + +```diff +diff --git a/linux-user/elfload.c b/linux-user/elfload.c +index f21e2e0c3d..eabb4fed03 100644 +--- a/linux-user/elfload.c ++++ b/linux-user/elfload.c +@@ -3211,7 +3211,7 @@ static void load_elf_image(const char *image_name, int image_fd, + for (i = 0; i < ehdr->e_phnum; ++i) { + struct elf_phdr *eppnt = phdr + i; + if (eppnt->p_type == PT_LOAD) { +- abi_ulong a = eppnt->p_vaddr - eppnt->p_offset; ++ abi_ulong a = eppnt->p_vaddr & ~(eppnt->p_align - 1); + if (a < loaddr) { + loaddr = a; + } +``` + +The reason why this breaks for ELF binaries emitted by Zig is that while virtual addresses are allocated sequentially or pre-allocated, file offsets are allocated on a best-effort basis wherever there is enough space in the file to fit a given section/segment so that we can move the contents in file while preserving the allocated virtual addresses on a whim. To provide a more concrete example, here's the load segment layout for `simple` as emitted by Zig: + +``` +$ readelf -l simple + +Elf file type is EXEC (Executable file) +Entry point 0x1002000 +There are 7 program headers, starting at offset 64 + +Program Headers: + Type Offset VirtAddr PhysAddr + FileSiz MemSiz Flags Align + PHDR 0x0000000000000040 0x0000000001000040 0x0000000001000040 + 0x0000000000000188 0x0000000000000188 R 0x8 + LOAD 0x0000000000000000 0x0000000001000000 0x0000000001000000 + 0x00000000000001c8 0x00000000000001c8 R 0x1000 + LOAD 0x0000000000021000 0x0000000001001000 0x0000000001001000 + 0x0000000000000078 0x0000000000000078 R 0x1000 + LOAD 0x0000000000022000 0x0000000001002000 0x0000000001002000 + 0x000000000000065a 0x000000000000065a R E 0x1000 + LOAD 0x0000000000023000 0x0000000001003000 0x0000000001003000 + 0x0000000000000060 0x0000000000000278 RW 0x1000 + GNU_EH_FRAME 0x0000000000021064 0x0000000001001064 0x0000000001001064 + 0x0000000000000014 0x0000000000000014 R 0x4 + GNU_STACK 0x0000000000000000 0x0000000000000000 0x0000000000000000 + 0x0000000000000000 0x0000000000000000 RW 0x1 + + Section to Segment mapping: + Segment Sections... + 00 + 01 + 02 .rodata.str1.1 .rodata .eh_frame .eh_frame_hdr + 03 .text .init .fini + 04 .data .got .bss + 05 .eh_frame_hdr + 06 +``` + +As you can see, initially `loaddr := 0x1000000 - 0x0 = 0x1000000`. However, upon iterating over the second load segment, we already get + +``` +a := 0x1001000 - 0x21000 = 0xfe000 +``` + +and since `a < loaddr`, we incorrectly set `loaddr := 0xfe000`. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/1953 b/results/classifier/deepseek-r1:32b/output/runtime/1953 new file mode 100644 index 000000000..700d78cdc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/1953 @@ -0,0 +1,149 @@ + + + +Segmentation fault when compiling elixir app on qemu aarch64 on x86_64 host +Description of problem: +When I try to install an elixir escript using + +``` +mix escript.install github upmaru/pakman --force +``` + +I run into a segfault with the following output + +``` + + +Build and Deploy +failed Oct 22, 2023 in 1m 27s +2s +2s +22s +56s +remote: Compressing objects: 86% (144/167) +remote: Compressing objects: 87% (146/167) +remote: Compressing objects: 88% (147/167) +remote: Compressing objects: 89% (149/167) +remote: Compressing objects: 90% (151/167) +remote: Compressing objects: 91% (152/167) +remote: Compressing objects: 92% (154/167) +remote: Compressing objects: 93% (156/167) +remote: Compressing objects: 94% (157/167) +remote: Compressing objects: 95% (159/167) +remote: Compressing objects: 96% (161/167) +remote: Compressing objects: 97% (162/167) +remote: Compressing objects: 98% (164/167) +remote: Compressing objects: 99% (166/167) +remote: Compressing objects: 100% (167/167) +remote: Compressing objects: 100% (167/167), done. +remote: Total 2568 (delta 86), reused 188 (delta 58), pack-reused 2341 +origin/HEAD set to develop +Resolving Hex dependencies... +Resolution completed in 0.872s +New: + castore 1.0.4 + finch 0.16.0 + hpax 0.1.2 + jason 1.4.1 + mime 2.0.5 + mint 1.5.1 + nimble_options 1.0.2 + nimble_pool 1.0.0 + slugger 0.3.0 + telemetry 1.2.1 + tesla 1.7.0 + yamerl 0.10.0 + yaml_elixir 2.8.0 +* Getting tesla (Hex package) +* Getting jason (Hex package) +* Getting yaml_elixir (Hex package) +* Getting slugger (Hex package) +* Getting finch (Hex package) +* Getting mint (Hex package) +* Getting castore (Hex package) +* Getting hpax (Hex package) +* Getting mime (Hex package) +* Getting nimble_options (Hex package) +* Getting nimble_pool (Hex package) +* Getting telemetry (Hex package) +* Getting yamerl (Hex package) +Resolving Hex dependencies... +Resolution completed in 0.413s +Unchanged: + castore 1.0.4 + finch 0.16.0 + hpax 0.1.2 + jason 1.4.1 + mime 2.0.5 + mint 1.5.1 + nimble_options 1.0.2 + nimble_pool 1.0.0 + slugger 0.3.0 + telemetry 1.2.1 + tesla 1.7.0 + yamerl 0.10.0 + yaml_elixir 2.8.0 +All dependencies are up to date +==> mime +Compiling 1 file (.ex) +Generated mime app +==> nimble_options +Compiling 3 files (.ex) +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault (core dumped) +``` +Steps to reproduce: +1. Create a repo using the github action zacksiri/setup-alpine +2. Install elixir +3. run `mix escript.install github upmaru/pakman --force` +Additional information: +You can use the following github action config as an example / starting point. + + +```yml +name: 'Deployment' + +on: + push: + branches: + - main + - master + - develop + +jobs: + build_and_deploy: + name: Build and Deploy + runs-on: ubuntu-latest + steps: + - name: 'Checkout' + uses: actions/checkout@v3 + with: + ref: ${{ github.event.workflow_run.head_branch }} + fetch-depth: 0 + + - name: 'Setup Alpine' + uses: zacksiri/setup-alpine@master + with: + branch: v3.18 + arch: aarch64 + qemu-repo: edge + packages: | + zip + tar + sudo + alpine-sdk + coreutils + cmake + elixir + + - name: 'Setup PAKman' + run: | + export MIX_ENV=prod + + mix local.rebar --force + mix local.hex --force + mix escript.install github upmaru/pakman --force + shell: alpine.sh {0} +``` + +I'm using alpine 3.18 which has otp25 with jit enabled so I suspect this is something to do with https://gitlab.com/qemu-project/qemu/-/issues/1034 diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2027 b/results/classifier/deepseek-r1:32b/output/runtime/2027 new file mode 100644 index 000000000..f9fb7e78f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2027 @@ -0,0 +1,236 @@ + + + +Go runtime panic with qemu-x86_64-static on aarch64 (bisected) +Description of problem: +I have run into some crashes with certain x86 Go binaries running on arm64 (Asahi Linux) using qemu-user-static. The issue is also reproducible on current master (9c74490bff6c8886a922008d0c9ce6cae70dd17e). I have bisected the issue to commit 2d708164e0475064e0e2167bd73e8570e22df1e0: + +``` +first bad commit: [2d708164e0475064e0e2167bd73e8570e22df1e0] linux-user: Define TASK_UNMAPPED_BASE in $guest/target_mman.h +``` +Steps to reproduce: +1. Build example Go program `GOARCH=amd64 go build -o crashing .` +2. Run it with `qemu-x86_64-static ./crashing` + +<details><summary>Go program to reproduce</summary> + +```go +package main + +import "crypto/x509" + +func main() { + x509.SystemCertPool() +} +``` + +</details> +Additional information: +<details><summary>Go program stacktrace</summary> + +``` +runtime: lfstack.push invalid packing: node=0xffff3c3a9780 cnt=0x1 packed=0xffff3c3a97800001 -> node=0xffffffff3c3a9780 +fatal error: lfstack.push + +runtime stack: +runtime.throw({0x52cb61?, 0x2ce5?}) + /usr/lib/golang/src/runtime/panic.go:1077 +0x5c fp=0xc000613f08 sp=0xc000613ed8 pc=0x433d5c +runtime.(*lfstack).push(0xa0000000002?, 0xffffffffffffefe8?) + /usr/lib/golang/src/runtime/lfstack.go:29 +0x125 fp=0xc000613f48 sp=0xc000613f08 pc=0x40ac25 +runtime.(*spanSetBlockAlloc).free(...) + /usr/lib/golang/src/runtime/mspanset.go:322 +runtime.(*spanSet).reset(0x64d220) + /usr/lib/golang/src/runtime/mspanset.go:264 +0x79 fp=0xc000613f78 sp=0xc000613f48 pc=0x42ef79 +runtime.finishsweep_m() + /usr/lib/golang/src/runtime/mgcsweep.go:260 +0x95 fp=0xc000613fb8 sp=0xc000613f78 pc=0x423455 +runtime.gcStart.func2() + /usr/lib/golang/src/runtime/mgc.go:687 +0xf fp=0xc000613fc8 sp=0xc000613fb8 pc=0x45bd8f +traceback: unexpected SPWRITE function runtime.systemstack +runtime.systemstack() + /usr/lib/golang/src/runtime/asm_amd64.s:509 +0x4a fp=0xc000613fd8 sp=0xc000613fc8 pc=0x46016a + +goroutine 1 [running]: +runtime.systemstack_switch() + /usr/lib/golang/src/runtime/asm_amd64.s:474 +0x8 fp=0xc0001bb9f0 sp=0xc0001bb9e0 pc=0x460108 +runtime.gcStart({0xc000600000?, 0x98370?, 0x307800?}) + /usr/lib/golang/src/runtime/mgc.go:686 +0x2e5 fp=0xc0001bba88 sp=0xc0001bb9f0 pc=0x418e05 +runtime.mallocgc(0x98370, 0x50bb80, 0x1) + /usr/lib/golang/src/runtime/malloc.go:1242 +0x76f fp=0xc0001bbaf0 sp=0xc0001bba88 pc=0x40caaf +runtime.makeslice(0xc0001840a8?, 0x26?, 0x0?) + /usr/lib/golang/src/runtime/slice.go:103 +0x49 fp=0xc0001bbb18 sp=0xc0001bbaf0 pc=0x449729 +os.ReadFile({0xc00035a0f0?, 0x52dcd6?}) + /usr/lib/golang/src/os/file.go:738 +0xe5 fp=0xc0001bbbf0 sp=0xc0001bbb18 pc=0x49ed25 +crypto/x509.loadSystemRoots() + /usr/lib/golang/src/crypto/x509/root_unix.go:70 +0x3d4 fp=0xc0001bbcd8 sp=0xc0001bbbf0 pc=0x4fdef4 +crypto/x509.initSystemRoots() + /usr/lib/golang/src/crypto/x509/root.go:30 +0x5c fp=0xc0001bbd10 sp=0xc0001bbcd8 pc=0x4fd9fc +sync.(*Once).doSlow(0x1?, 0xb30000c00018ada0?) + /usr/lib/golang/src/sync/once.go:74 +0xbf fp=0xc0001bbd70 sp=0xc0001bbd10 pc=0x467bff +sync.(*Once).Do(...) + /usr/lib/golang/src/sync/once.go:65 +crypto/x509.systemRootsPool() + /usr/lib/golang/src/crypto/x509/root.go:21 +0x45 fp=0xc0001bbdc0 sp=0xc0001bbd70 pc=0x4fd8a5 +crypto/x509.SystemCertPool() + /usr/lib/golang/src/crypto/x509/cert_pool.go:112 +0x25 fp=0xc0001bbf30 sp=0xc0001bbdc0 pc=0x4f6705 +main.main() + /home/cyrill/dev/goruntime-crash/main.go:6 +0xf fp=0xc0001bbf40 sp=0xc0001bbf30 pc=0x4ff18f +runtime.main() + /usr/lib/golang/src/runtime/proc.go:267 +0x2bb fp=0xc0001bbfe0 sp=0xc0001bbf40 pc=0x43673b +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0001bbfe8 sp=0xc0001bbfe0 pc=0x461f61 + +goroutine 2 [force gc (idle)]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00004efa8 sp=0xc00004ef88 pc=0x436b8e +runtime.goparkunlock(...) + /usr/lib/golang/src/runtime/proc.go:404 +runtime.forcegchelper() + /usr/lib/golang/src/runtime/proc.go:322 +0xb3 fp=0xc00004efe0 sp=0xc00004efa8 pc=0x436a13 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00004efe8 sp=0xc00004efe0 pc=0x461f61 +created by runtime.init.6 in goroutine 1 + /usr/lib/golang/src/runtime/proc.go:310 +0x1a + +goroutine 3 [GC sweep wait]: +runtime.gopark(0x1?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00004f778 sp=0xc00004f758 pc=0x436b8e +runtime.goparkunlock(...) + /usr/lib/golang/src/runtime/proc.go:404 +runtime.bgsweep(0x0?) + /usr/lib/golang/src/runtime/mgcsweep.go:321 +0xdf fp=0xc00004f7c8 sp=0xc00004f778 pc=0x4235bf +runtime.gcenable.func1() + /usr/lib/golang/src/runtime/mgc.go:200 +0x25 fp=0xc00004f7e0 sp=0xc00004f7c8 pc=0x418945 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00004f7e8 sp=0xc00004f7e0 pc=0x461f61 +created by runtime.gcenable in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:200 +0x66 + +goroutine 4 [GC scavenge wait]: +runtime.gopark(0xc00006c000?, 0x570658?, 0x0?, 0x0?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00004ff70 sp=0xc00004ff50 pc=0x436b8e +runtime.goparkunlock(...) + /usr/lib/golang/src/runtime/proc.go:404 +runtime.(*scavengerState).park(0x625680) + /usr/lib/golang/src/runtime/mgcscavenge.go:425 +0x49 fp=0xc00004ffa0 sp=0xc00004ff70 pc=0x420e49 +runtime.bgscavenge(0x0?) + /usr/lib/golang/src/runtime/mgcscavenge.go:658 +0x59 fp=0xc00004ffc8 sp=0xc00004ffa0 pc=0x4213f9 +runtime.gcenable.func2() + /usr/lib/golang/src/runtime/mgc.go:201 +0x25 fp=0xc00004ffe0 sp=0xc00004ffc8 pc=0x4188e5 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00004ffe8 sp=0xc00004ffe0 pc=0x461f61 +created by runtime.gcenable in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:201 +0xa5 + +goroutine 17 [finalizer wait]: +runtime.gopark(0x400000?, 0x10004e670?, 0x0?, 0x0?, 0x654640?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00004e628 sp=0xc00004e608 pc=0x436b8e +runtime.runfinq() + /usr/lib/golang/src/runtime/mfinal.go:193 +0x107 fp=0xc00004e7e0 sp=0xc00004e628 pc=0x4179c7 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00004e7e8 sp=0xc00004e7e0 pc=0x461f61 +created by runtime.createfing in goroutine 1 + /usr/lib/golang/src/runtime/mfinal.go:163 +0x3d + +goroutine 18 [GC worker (idle)]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00004a750 sp=0xc00004a730 pc=0x436b8e +runtime.gcBgMarkWorker() + /usr/lib/golang/src/runtime/mgc.go:1293 +0xe5 fp=0xc00004a7e0 sp=0xc00004a750 pc=0x41a2c5 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00004a7e8 sp=0xc00004a7e0 pc=0x461f61 +created by runtime.gcBgMarkStartWorkers in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:1217 +0x1c + +goroutine 19 [GC worker (idle)]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00004af50 sp=0xc00004af30 pc=0x436b8e +runtime.gcBgMarkWorker() + /usr/lib/golang/src/runtime/mgc.go:1293 +0xe5 fp=0xc00004afe0 sp=0xc00004af50 pc=0x41a2c5 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00004afe8 sp=0xc00004afe0 pc=0x461f61 +created by runtime.gcBgMarkStartWorkers in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:1217 +0x1c + +goroutine 33 [GC worker (idle)]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc000090750 sp=0xc000090730 pc=0x436b8e +runtime.gcBgMarkWorker() + /usr/lib/golang/src/runtime/mgc.go:1293 +0xe5 fp=0xc0000907e0 sp=0xc000090750 pc=0x41a2c5 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc0000907e8 sp=0xc0000907e0 pc=0x461f61 +created by runtime.gcBgMarkStartWorkers in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:1217 +0x1c + +goroutine 20 [GC worker (idle)]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00004b750 sp=0xc00004b730 pc=0x436b8e +runtime.gcBgMarkWorker() + /usr/lib/golang/src/runtime/mgc.go:1293 +0xe5 fp=0xc00004b7e0 sp=0xc00004b750 pc=0x41a2c5 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00004b7e8 sp=0xc00004b7e0 pc=0x461f61 +created by runtime.gcBgMarkStartWorkers in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:1217 +0x1c + +goroutine 49 [GC worker (idle)]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00008c750 sp=0xc00008c730 pc=0x436b8e +runtime.gcBgMarkWorker() + /usr/lib/golang/src/runtime/mgc.go:1293 +0xe5 fp=0xc00008c7e0 sp=0xc00008c750 pc=0x41a2c5 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00008c7e8 sp=0xc00008c7e0 pc=0x461f61 +created by runtime.gcBgMarkStartWorkers in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:1217 +0x1c + +goroutine 21 [GC worker (idle)]: +runtime.gopark(0xa740c76b8ab?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00004bf50 sp=0xc00004bf30 pc=0x436b8e +runtime.gcBgMarkWorker() + /usr/lib/golang/src/runtime/mgc.go:1293 +0xe5 fp=0xc00004bfe0 sp=0xc00004bf50 pc=0x41a2c5 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00004bfe8 sp=0xc00004bfe0 pc=0x461f61 +created by runtime.gcBgMarkStartWorkers in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:1217 +0x1c + +goroutine 22 [GC worker (idle)]: +runtime.gopark(0xa740cc9dc5e?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00004c750 sp=0xc00004c730 pc=0x436b8e +runtime.gcBgMarkWorker() + /usr/lib/golang/src/runtime/mgc.go:1293 +0xe5 fp=0xc00004c7e0 sp=0xc00004c750 pc=0x41a2c5 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00004c7e8 sp=0xc00004c7e0 pc=0x461f61 +created by runtime.gcBgMarkStartWorkers in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:1217 +0x1c + +goroutine 23 [GC worker (idle)]: +runtime.gopark(0x654640?, 0x1?, 0xba?, 0x5f?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00004cf50 sp=0xc00004cf30 pc=0x436b8e +runtime.gcBgMarkWorker() + /usr/lib/golang/src/runtime/mgc.go:1293 +0xe5 fp=0xc00004cfe0 sp=0xc00004cf50 pc=0x41a2c5 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00004cfe8 sp=0xc00004cfe0 pc=0x461f61 +created by runtime.gcBgMarkStartWorkers in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:1217 +0x1c + +goroutine 24 [GC worker (idle)]: +runtime.gopark(0xa740c58ec16?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc00004d750 sp=0xc00004d730 pc=0x436b8e +runtime.gcBgMarkWorker() + /usr/lib/golang/src/runtime/mgc.go:1293 +0xe5 fp=0xc00004d7e0 sp=0xc00004d750 pc=0x41a2c5 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc00004d7e8 sp=0xc00004d7e0 pc=0x461f61 +created by runtime.gcBgMarkStartWorkers in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:1217 +0x1c + +goroutine 34 [GC worker (idle)]: +runtime.gopark(0x654640?, 0x1?, 0x7a?, 0xa3?, 0x0?) + /usr/lib/golang/src/runtime/proc.go:398 +0xce fp=0xc000090f50 sp=0xc000090f30 pc=0x436b8e +runtime.gcBgMarkWorker() + /usr/lib/golang/src/runtime/mgc.go:1293 +0xe5 fp=0xc000090fe0 sp=0xc000090f50 pc=0x41a2c5 +runtime.goexit() + /usr/lib/golang/src/runtime/asm_amd64.s:1650 +0x1 fp=0xc000090fe8 sp=0xc000090fe0 pc=0x461f61 +created by runtime.gcBgMarkStartWorkers in goroutine 1 + /usr/lib/golang/src/runtime/mgc.go:1217 +0x1c +exit status 2 +``` + +</details> diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2035 b/results/classifier/deepseek-r1:32b/output/runtime/2035 new file mode 100644 index 000000000..11a2bf388 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2035 @@ -0,0 +1,57 @@ + + + +TCG Plugin exit callback not executing +Description of problem: +I cannot get the plugin exit callback to register/execute. I should see "Goodbye from plugin" but dont. I have also tried using `qemu_plugin_outs` without success. + +**Update: If I make my test binary an infinite loop and kill it with CTRL-C, then the callback is called as expected. Am I just using it wrong?** +Steps to reproduce: +1. Configured QEMU with `--target-list=riscv32-linux-user,riscv64-linux-user --enable-plugins --disable-system` +2. Compiled plugin with +``` +gcc -I./qemu/include/qemu `pkg-config --libs glib-2.0` -O0 -fvisibility=hidden -Wall -shared -fPIC `pkg-config --cflags glib-2.0` +``` +3. Compiled test binary (just a hello world) with `riscv64-unknown-elf-gcc test_qemu.c -o test_qemu` +4. Ran ./qemu/build/qemu-riscv64 -plugin ./test_plugin.so -d plugin ./test_qemu +Additional information: +test_plugin.c +``` +#include <inttypes.h> +#include <assert.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <stdio.h> +#include <qemu-plugin.h> + +QEMU_PLUGIN_EXPORT int qemu_plugin_version = QEMU_PLUGIN_VERSION; + +static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb) +{ + int n_insns = qemu_plugin_tb_n_insns(tb); + printf("> New TB of size %d\n", n_insns); + + for (int i = 0; i < n_insns; i++) { + struct qemu_plugin_insn * insn = qemu_plugin_tb_get_insn(tb, i); + char * disassembly = qemu_plugin_insn_disas(insn); + printf(" > Instruciton: %s\n", disassembly); + } +} + +static void plugin_exit(qemu_plugin_id_t id, void *p) +{ + printf("> Goodbye from plugin. %d\n", id); +} + +QEMU_PLUGIN_EXPORT int qemu_plugin_install(qemu_plugin_id_t id, + const qemu_info_t *info, + int argc, char **argv) +{ + printf("> Hello From Plugin!\n"); + qemu_plugin_register_vcpu_tb_trans_cb(id, vcpu_tb_trans); + qemu_plugin_register_atexit_cb(id, plugin_exit, NULL); + printf("> Everything was registered\n"); + return 0; +} +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2072564 b/results/classifier/deepseek-r1:32b/output/runtime/2072564 new file mode 100644 index 000000000..3a9c3be06 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2072564 @@ -0,0 +1,48 @@ + + + +qemu-aarch64-static segfaults running ldconfig.real (amd64 host) + +This affects the qemu-user-static 1:8.2.2+ds-0ubuntu1 package on Ubuntu 24.04, running on a amd64 host. + +When running docker containers with Ubuntu 22.04 in them, emulating arm64 with qemu-aarch64-static, invocations of ldconfig (actually ldconfig.real) segfault. For example: + +$ docker run -ti --platform linux/arm64/v8 ubuntu:22.04 +root@8861ff640a1c:/# /sbin/ldconfig.real +Segmentation fault + +If you copy the ldconfig.real binary to the host, and run it directly via qemu-aarch64-static: + +$ gdb --args qemu-aarch64-static ./ldconfig.real +GNU gdb (Ubuntu 15.0.50.20240403-0ubuntu1) 15.0.50.20240403-git +Copyright (C) 2024 Free Software Foundation, Inc. +License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. +Type "show copying" and "show warranty" for details. +This GDB was configured as "x86_64-linux-gnu". +Type "show configuration" for configuration details. +For bug reporting instructions, please see: +<https://www.gnu.org/software/gdb/bugs/>. +Find the GDB manual and other documentation resources online at: + <http://www.gnu.org/software/gdb/documentation/>. + +For help, type "help". +Type "apropos word" to search for commands related to "word"... +Reading symbols from qemu-aarch64-static... +Reading symbols from /home/dim/.cache/debuginfod_client/86579812b213be0964189499f62f176bea817bf2/debuginfo... +(gdb) r +Starting program: /usr/bin/qemu-aarch64-static ./ldconfig.real +[Thread debugging using libthread_db enabled] +Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1". +[New Thread 0x7ffff76006c0 (LWP 28378)] + +Thread 1 "qemu-aarch64-st" received signal SIGSEGV, Segmentation fault. +0x00007fffe801645b in ?? () +(gdb) disassemble +No function contains program counter for selected frame. + +It looks like this is a known qemu regression after v8.1.1: +https://gitlab.com/qemu-project/qemu/-/issues/1913 + +Downgrading the package to qemu-user-static_8.0.4+dfsg-1ubuntu3_amd64.deb fixes the segfault. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2082 b/results/classifier/deepseek-r1:32b/output/runtime/2082 new file mode 100644 index 000000000..33b0f7a9e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2082 @@ -0,0 +1,47 @@ + + + +"Unable to find a guest_base to satisfy all guest address mapping requirements" running certain x86_64 binaries on aarch64 host +Description of problem: +Copying from: + + https://bugzilla.redhat.com/show_bug.cgi?id=2256916 + +With ``qemu-x86_64-static`` from ``qemu-8.1.3-1.fc39``, I can no longer run on the m1 the ``x86_64`` binary created by https://github.com/containers/PodmanHello + +If I try with ``qemu-x86_64-static`` from ``qemu-7.2.7-1.fc38`` then this works. + +If I build the binary manually on a fc39 x86 system with ``gcc -O2 -static -o podman_hello_world podman_hello_world.c``, then I can also run it successfully with ``qemu-8.1.3-1.fc39``. +It's only the static binary built inside the alpine container which cannot be run on the M1. + + +Misc tests I ran: + +``` +$ ./qemu-x86_64-static-8.1.3 podman_hello_world.alpine +qemu-x86_64-static-8.1.3: /var/roothome/podman_hello_world.alpine: Unable to find a guest_base to satisfy all guest address mapping requirements + 0000000000000000-0000000000000fff + 0000000000400000-00000000004047ef + +$ ./qemu-x86_64-static-7.2.7 podman_hello_world.alpine +!... Hello Podman World ...! +[...] + +$ ./qemu-x86_64-static-8.1.3 podman_hello_world.fc39 +!... Hello Podman World ...! +[...] +``` + +The issue is still present with ``qemu-8.2.0-0.3.rc2.fc40`` + +I also could not reproduce on ``x86_64`` machines. I just tried it on fc39 installed on non-Apple ``aarch64`` hardware, and I'm seeing the same issue: + +``` +# rpm -qf /usr/bin/qemu-x86_64-static +qemu-user-static-x86-8.1.3-1.fc39.aarch64 + +# qemu-x86_64-static ./podman_hello_world.alpine +qemu-x86_64-static: /root/podman_hello_world.alpine: Unable to find a guest_base to satisfy all guest address mapping requirements + 0000000000000000-0000000000000fff + 0000000000400000-00000000004047ef +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2119 b/results/classifier/deepseek-r1:32b/output/runtime/2119 new file mode 100644 index 000000000..c2d7b188c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2119 @@ -0,0 +1,4 @@ + + + +target/riscv/gdbstub.c:The V registers in gdb debugging mode can only be accessed when the single-letter V is enabled diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2127 b/results/classifier/deepseek-r1:32b/output/runtime/2127 new file mode 100644 index 000000000..083ec4b35 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2127 @@ -0,0 +1,4 @@ + + + +test-aio-multithread.c:371:test_multi_fair_mutex: assertion failed (counter == atomic_counter): (316636 == 316637) diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2156 b/results/classifier/deepseek-r1:32b/output/runtime/2156 new file mode 100644 index 000000000..4e1504dae --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2156 @@ -0,0 +1,18 @@ + + + +Userland QEMU segfaults when emulating itself thrice +Description of problem: +See title. +``` +$ qemu-x86_64-static qemu-x86_64-static qemu-x86_64-static /bin/true +qemu-x86_64-static: QEMU internal SIGSEGV {code=ACCERR, addr=0x7f9ae80001a0} +[1] 15705 segmentation fault (core dumped) qemu-x86_64-static qemu-x86_64-static qemu-x86_64-static /bin/true +``` +Steps to reproduce: +1. Execute command above +Additional information: +Coredump (~322MB uncompressed) +[qemu_qemu-x86_64-static_20240208-123447_15705.core.xz](/uploads/a6723aaf956dfd1efc434303e62c25e2/qemu_qemu-x86_64-static_20240208-123447_15705.core.xz) + +SHA1: 31c2b06a61f63dca5199b64b767aa2fdeefbeec6 diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2157 b/results/classifier/deepseek-r1:32b/output/runtime/2157 new file mode 100644 index 000000000..0223b0aaf --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2157 @@ -0,0 +1,46 @@ + + + +qemu-user fails to run 32-bit x86 binaries on hosts with a page size > 4KB +Description of problem: +`qemu-i386` refuses to run 32-bit x86 binaries on hosts with a page size > 4KB +(such as LoongArch, ppc64le, arm64 with 3 level page tables). +Steps to reproduce: +1. Compile x86 binary which makes a single exit(0) syscall: + ``` + cat > exit0.S << EOF + #include <sys/syscall.h> + .text + .global _start + _start: + movl $__NR_exit, %eax + movl $0, %ebx + int $0x80 + EOF + i586-linux-gnu-gcc -nostdlib -static -no-pie -o exit0 exit0.S + ``` + Alternatively one might compile it on a x86 host: + ``` + gcc -m32 -nostdlib -static -no-pie -o exit0 exit0.S + ``` + and transfer the `exit0` binary to ppc64/LoongArch/arm64 system + + 2. Run the `exit0` binary with `qemu-i386` + ``` + qemu-i386-static ./exit0 + ``` + + # +Additional information: +`.text` segment of (32-bit) x86 binaries is typically aligned at 4KB: +``` +Program Headers: + Type Offset VirtAddr PhysAddr FileSiz MemSiz Flg Align + LOAD 0x000000 0x08048000 0x08048000 0x00100 0x00100 R 0x1000 + LOAD 0x001000 0x08049000 0x08049000 0x0000c 0x0000c R E 0x1000 + NOTE 0x0000b4 0x080480b4 0x080480b4 0x0004c 0x0004c R 0x4 + GNU_PROPERTY 0x0000d8 0x080480d8 0x080480d8 0x00028 0x00028 R 0x4 +``` + +Thus on a host with a page size being 64 KB (ppc64, arm64 with 3 level page tables) or 16 KB (LoongArch) +alignment requirements in [pbg_dynamic](https://gitlab.com/qemu-project/qemu/-/blob/master/linux-user/elfload.c?ref_type=heads#L3020) can not be satisfied. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2208 b/results/classifier/deepseek-r1:32b/output/runtime/2208 new file mode 100644 index 000000000..aceb5eff3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2208 @@ -0,0 +1,91 @@ + + + +PC is not updated for each instruction in TCG plugins +Description of problem: +I have checkout the `master` branch (the latest available commit on my machine is *7d4e29ef80*) to test the new functions that allow plugins to read registers. See https://gitlab.com/qemu-project/qemu/-/issues/1706 that has been closed last Friday. + +I am using a simple hello-world binary for ARM for my tests: + +```bash +% ./qemu-aarch64 hello-world.out +Hello World! +``` + +I run this binary with the *execlog* plugin enabled, and with the `-one-insn-per-tb` option: + +```bash +% ./qemu-aarch64 -d plugin -plugin ./contrib/plugins/libexeclog.so,reg=pc -one-insn-per-tb hello-world.out +``` + +Here is the end of the execution: + +```raw +0, 0x40e470, 0x54000040, "b.eq #0x40e478", pc -> 0x00000000000040e474 +0, 0x40e474, 0xd65f03c0, "ret ", pc -> 0x00000000000040d38c +0, 0x40d38c, 0xf945fab5, "ldr x21, [x21, #0xbf0]", load, 0x00490bf0, pc -> 0x00000000000040d390 +0, 0x40d390, 0xf9404fe0, "ldr x0, [sp, #0x98]", load, 0x7f635a9e7f28, pc -> 0x00000000000040d394 +0, 0x40d394, 0xf94002a1, "ldr x1, [x21]", load, 0x0048f9e8, pc -> 0x00000000000040d398 +0, 0x40d398, 0xeb010000, "subs x0, x0, x1", pc -> 0x00000000000040d39c +0, 0x40d39c, 0xd2800001, "movz x1, #0", pc -> 0x00000000000040d3a0 +0, 0x40d3a0, 0x540006e1, "b.ne #0x40d47c", pc -> 0x00000000000040d3a4 +0, 0x40d3a4, 0x2a1903e0, "mov w0, w25", pc -> 0x00000000000040d3a8 +0, 0x40d3a8, 0xa94153f3, "ldp x19, x20, [sp, #0x10]", load, 0x7f635a9e7ea0, pc -> 0x00000000000040d3ac +0, 0x40d3ac, 0xa9425bf5, "ldp x21, x22, [sp, #0x20]", load, 0x7f635a9e7eb0, pc -> 0x00000000000040d3b0 +0, 0x40d3b0, 0xa94363f7, "ldp x23, x24, [sp, #0x30]", load, 0x7f635a9e7ec0, pc -> 0x00000000000040d3b4 +0, 0x40d3b4, 0xa9446bf9, "ldp x25, x26, [sp, #0x40]", load, 0x7f635a9e7ed0, pc -> 0x00000000000040d3b8 +0, 0x40d3b8, 0xa8ca7bfd, "ldp x29, x30, [sp], #0xa0", load, 0x7f635a9e7e90, pc -> 0x00000000000040d3bc +0, 0x40d3bc, 0xd65f03c0, "ret ", pc -> 0x000000000000405d80 +0, 0x405d80, 0xeb13029f, "cmp x20, x19", pc -> 0x000000000000405d84 +0, 0x405d84, 0x91000694, "add x20, x20, #1", pc -> 0x000000000000405d88 +0, 0x405d88, 0x54ffff81, "b.ne #0x405d78", pc -> 0x000000000000405d8c +0, 0x405d8c, 0x2a1703e0, "mov w0, w23", pc -> 0x000000000000405d90 +0, 0x405d90, 0x94004c20, "bl #0x418e10", pc -> 0x000000000000418e10 +0, 0x418e10, 0x93407c02, "sxtw x2, w0", pc -> 0x000000000000418e14 +0, 0x418e14, 0x900003c4, "adrp x4, #0x490000", pc -> 0x000000000000418e18 +0, 0x418e18, 0xf946f084, "ldr x4, [x4, #0xde0]", load, 0x00490de0, pc -> 0x000000000000418e1c +0, 0x418e1c, 0xd53bd043, "mrs x3, tpidr_el0", pc -> 0x000000000000418e20 +0, 0x418e20, 0xaa0203e0, "mov x0, x2", pc -> 0x000000000000418e24 +0, 0x418e24, 0xd2800bc8, "movz x8, #0x5e", pc -> 0x000000000000418e28 +0, 0x418e28, 0xd4000001, "svc #0" +``` + +Now, here is the same part of the execution but without the `-one-insn-per-tb` option: + +```raw +0, 0x40e470, 0x54000040, "b.eq #0x40e478" +0, 0x40e474, 0xd65f03c0, "ret ", pc -> 0x00000000000040d38c +0, 0x40d38c, 0xf945fab5, "ldr x21, [x21, #0xbf0]", load, 0x00490bf0 +0, 0x40d390, 0xf9404fe0, "ldr x0, [sp, #0x98]", load, 0x7f4d42108f28 +0, 0x40d394, 0xf94002a1, "ldr x1, [x21]", load, 0x0048f9e8 +0, 0x40d398, 0xeb010000, "subs x0, x0, x1" +0, 0x40d39c, 0xd2800001, "movz x1, #0" +0, 0x40d3a0, 0x540006e1, "b.ne #0x40d47c", pc -> 0x00000000000040d3a4 +0, 0x40d3a4, 0x2a1903e0, "mov w0, w25" +0, 0x40d3a8, 0xa94153f3, "ldp x19, x20, [sp, #0x10]", load, 0x7f4d42108ea0 +0, 0x40d3ac, 0xa9425bf5, "ldp x21, x22, [sp, #0x20]", load, 0x7f4d42108eb0 +0, 0x40d3b0, 0xa94363f7, "ldp x23, x24, [sp, #0x30]", load, 0x7f4d42108ec0 +0, 0x40d3b4, 0xa9446bf9, "ldp x25, x26, [sp, #0x40]", load, 0x7f4d42108ed0 +0, 0x40d3b8, 0xa8ca7bfd, "ldp x29, x30, [sp], #0xa0", load, 0x7f4d42108e90 +0, 0x40d3bc, 0xd65f03c0, "ret ", pc -> 0x000000000000405d80 +0, 0x405d80, 0xeb13029f, "cmp x20, x19" +0, 0x405d84, 0x91000694, "add x20, x20, #1" +0, 0x405d88, 0x54ffff81, "b.ne #0x405d78", pc -> 0x000000000000405d8c +0, 0x405d8c, 0x2a1703e0, "mov w0, w23" +0, 0x405d90, 0x94004c20, "bl #0x418e10", pc -> 0x000000000000418e10 +0, 0x418e10, 0x93407c02, "sxtw x2, w0" +0, 0x418e14, 0x900003c4, "adrp x4, #0x490000" +0, 0x418e18, 0xf946f084, "ldr x4, [x4, #0xde0]", load, 0x00490de0 +0, 0x418e1c, 0xd53bd043, "mrs x3, tpidr_el0" +0, 0x418e20, 0xaa0203e0, "mov x0, x2" +0, 0x418e24, 0xd2800bc8, "movz x8, #0x5e" +0, 0x418e28, 0xd4000001, "svc #0" +``` + +The [documentation](https://www.qemu.org/docs/master/devel/tcg-plugins.html) says: + +> This plugin can also dump registers when they change value. Specify the name of the registers with multiple reg options. + +The `pc` register changes for each instruction. I would expect the plugin to produce the same output with or without the `-one-insn-per-tb` option. +Additional information: +The code that prints "pc -> 0x......" is in `insn_check_regs()` in `contrib/plugins/execlog.c`. It uses the new `qemu_plugin_read_register()` function and compares the new value to the previous value. The code seems OK. It means that the implementation of `qemu_plugin_read_register()` gets the same value several times in a row, instead of a new value each time. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2223 b/results/classifier/deepseek-r1:32b/output/runtime/2223 new file mode 100644 index 000000000..3331178e4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2223 @@ -0,0 +1,38 @@ + + + +Weird behavior on RISC-V code running on QEMU +Description of problem: +I am currently facing some weird problems on a RISC-V project meant to run on the QEMU environment and thought that maybe someone here could give me a light on the subject. The goal is to run a project built on top of one of FreeRTOS' official demo ports that target the 'virt' QEMU board. I ran across a few weird behaviors where code execution would just hang at some point (QEMU would keep execution but the expected terminal output would never come up). I don't have sufficient knowledge to tell whether the issue is with the FreeRTOS port, the RISC-V gnu toolchain or QEMU itself, hence why I am raising my hand for help on all related channels. + +This [repository](https://bitbucket.org/softcps-investigacao-risc-v/freertos-riscv-bugs/src/master/) contains more details and a sample project that illustrates well one of the problems I've been getting lately (I also give more context about it [here](https://github.com/riscv-collab/riscv-gnu-toolchain/issues/1434)). It basically goes like this: the program **executes fine** when a certain code snippet is encapsulated **within a function**, but "**crashes**" (i.e. hangs) when the same snippet is placed **directly in the main code**: + +```c +for(int i=0; i < NUMBER_OF_ITEMS; i++){ + createAndPushItem(i); + + // the function above does the exact same thing as the commented code below + // yet, the commented code does not work and will crash the program. but why?? + + // int index = priorities[i]; + // void *value = (void *) getValue(i + 1); + // LinkedListItem_t *item = createItem(index, value); + // if(item){ + // push(item, &list); + // } +} +``` + +The scope shouldn't matter at all here, since there is no local variable being used or anything like that. I have tested workarounds like removing compiling optimization (i.e. changing -Os for -O0) and using regular malloc() instead of FreeRTOS' dynamic allocation API, but all without success. Note that even though the project is build on top of the FreeRTOS demo port, no RTOS functionality is used within this code to make it as simple as it gets. +Steps to reproduce: +1. clone this [repository](https://bitbucket.org/softcps-investigacao-risc-v/freertos-riscv-bugs/src/master/) +2. follow the readme to install the toolchain +3. follow the readme to compile the program and run it +Additional information: +The expected output is supposed to be: + + + +but when one decides to use the commented snippet instead of the function, the program hangs right before sorting the linked list for the first time: + + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2304 b/results/classifier/deepseek-r1:32b/output/runtime/2304 new file mode 100644 index 000000000..98b4e73d0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2304 @@ -0,0 +1,41 @@ + + + +Disabling SVE via `-cpu max,sve=off` leaves SVE2 advertised by `getauxval` +Description of problem: +The documentation on https://qemu-project.gitlab.io/qemu/system/arm/cpu-features.html suggests that it should be possible to disable SVE support by passing `-cpu max,sve=off` on the command line, however this appears to only disable the SVE support advertised in the return value from `getauxval(AT_HWCAP)`. In particular it leaves SVE2 reported as enabled. This leaves the feature set advertised by `getauxval` in an inconsistent state since SVE is mandatory if SVE2 is available. + +This may also affect other feature dependencies for example FEAT_SVE_BITPerm also requiring SVE2 to be available, I've not checked exhaustively. + +For example, given the following code: + + #include <sys/auxv.h> + #include <stdio.h> + + int main() { + unsigned long hwcap = getauxval(AT_HWCAP); + unsigned long hwcap2 = getauxval(AT_HWCAP2); + + if (hwcap & HWCAP_SVE) { + printf("have sve!\n"); + } else { + printf("don't have sve!\n"); + } + if (hwcap2 & HWCAP2_SVE2) { + printf("have sve2!\n"); + } else { + printf("don't have sve2!\n"); + } + } + +We can observe the following: + + $ aarch64-linux-gnu-gcc test.c -static + $ ../qemu-aarch64 -cpu max ./a.out + have sve! + have sve2! + $ ../qemu-aarch64 -cpu max,sve=off ./a.out + don't have sve! + have sve2! + +I don't believe that there is a `-cpu ...,sve2=off` option, so I would expect that disabling SVE also prevents SVE2 from being advertised as available. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2336 b/results/classifier/deepseek-r1:32b/output/runtime/2336 new file mode 100644 index 000000000..52e60fc62 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2336 @@ -0,0 +1,26 @@ + + + +qemu-x86_64 crash on LoongArch +Description of problem: + +Steps to reproduce: +1. build a static hello test on x86_64 machine. +2. build qemu-x86_64 on LoongArch. +3. run 'qemu-x86_64 hello 'on LoongArch. +Additional information: +1 result + +[root@localhost qemu]# ./build/qemu-x86_64 ~/hello +Bus error (core dumped) + +2 Since commit 45bf0e7aa648369cf8ab2333bd20144806fc1be3 + +3 full log with -d in_asm,op,out_asm,strace +see log.txt + +[log.txt](/uploads/9a0e3250bfafa6db31d6688b8c60feb7/log.txt) + +[qemu-x86_64](/uploads/728fc4f4633054097b6028cd99a20e8b/qemu-x86_64) + +[hello](/uploads/d7dec3bdb844273a8e26464ed418c1a0/hello) diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2353 b/results/classifier/deepseek-r1:32b/output/runtime/2353 new file mode 100644 index 000000000..38d8490e4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2353 @@ -0,0 +1,59 @@ + + + +linux-user: may map interpreter at address 0 with nonzero guest_base +Description of problem: +QEMU's user-mode emulation will, under certain conditions, map the ELF interpreter at guest address 0. This is not only a violation of Linux's policy never to map anything at the first page of any virtual address space, but also a cause of confusion (and segfaults) within certain libcs; though I only tested with musl. Musl [interprets a NULL base address](https://elixir.bootlin.com/musl/v1.2.4/source/ldso/dlstart.c#L105) as the dynamic linker being invoked directly, causing it to compute its base address incorrectly. + +The problem arises in `load_elf_image()`, which chooses a `load_addr` of 0 for the ELF interpreter (i.e. the musl dynamic loader). This is passed to `target_mmap()`. I do not know whether `target_mmap()` is meant to follow the POSIX rule that (in absence of `MAP_FIXED`) "All implementations interpret an *addr* value of 0 as granting the implementation complete freedom in selecting *pa*" or if 0 is requesting 0. + +QEMU's usermode mmap() implementation translates the guest address to a host address (this is effectively a no-op with `guest_base == 0`) and passes it along to the host Linux. This means that, when `guest_base == 0`, a NULL input address means "put it anywhere," but when `guest_base != 0`, NULL means "put it at (guest address) 0." +Steps to reproduce: +1. Download a rootfs of Alpine Linux AArch64. +2. Install `gcc` (with `apk add gcc`) in the rootfs. `gcc` is not compiled as PIC, making QEMU use a nonzero `guest_base`. +3. Attempt to run `gcc` within the rootfs via QEMU. +Additional information: +I am interested in submitting a MR that fixes this issue, but I do not know which of 4 possible solutions is preferred: + +1. Modify `load_elf_image()` to ensure that `load_addr` is never NULL. +2. Modify `target_mmap()` so that NULLs are passed to the kernel as NULLs. +3. Modify the guest<->host translation facilities (`g2h_untagged` et al) to translate NULL as NULL. Overwhelmingly, a NULL pointer semantically means "there is no pointer here" and not "a pointer to the zeroth address," so treating these as valid addresses in the translation functions is arguably going against the grain. +4. When a nonzero `guest_base` is selected, reserve the first page of the guest VA space, so that the host kernel cannot accidentally put anything there. + +Here is my local patch that implements item 2 above, which indeed stops the segfaults for me: +<details><summary>Patch</summary> + +```diff +diff --git a/linux-user/mmap.c b/linux-user/mmap.c +index be3b9a6..dad29ef 100644 +--- a/linux-user/mmap.c ++++ b/linux-user/mmap.c +@@ -559,7 +559,7 @@ static abi_long mmap_h_eq_g(abi_ulong start, abi_ulong len, + int host_prot, int flags, int page_flags, + int fd, off_t offset) + { +- void *p, *want_p = g2h_untagged(start); ++ void *p, *want_p = start ? g2h_untagged(start) : 0; + abi_ulong last; + + p = mmap(want_p, len, host_prot, flags, fd, offset); +@@ -609,7 +609,7 @@ static abi_long mmap_h_lt_g(abi_ulong start, abi_ulong len, int host_prot, + int mmap_flags, int page_flags, int fd, + off_t offset, int host_page_size) + { +- void *p, *want_p = g2h_untagged(start); ++ void *p, *want_p = start ? g2h_untagged(start) : 0; + off_t fileend_adj = 0; + int flags = mmap_flags; + abi_ulong last, pass_last; +@@ -739,7 +739,7 @@ static abi_long mmap_h_gt_g(abi_ulong start, abi_ulong len, + int flags, int page_flags, int fd, + off_t offset, int host_page_size) + { +- void *p, *want_p = g2h_untagged(start); ++ void *p, *want_p = start ? g2h_untagged(start) : 0; + off_t host_offset = offset & -host_page_size; + abi_ulong last, real_start, real_last; + bool misaligned_offset = false; +``` +</details> diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2448 b/results/classifier/deepseek-r1:32b/output/runtime/2448 new file mode 100644 index 000000000..ba65ac929 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2448 @@ -0,0 +1,49 @@ + + + +linux-user as binfmt_misc fails to recognize AT_EXECFD if it's 0 and leaves it open as stdin +Description of problem: +When a `*-linux-user` is used as binfmt_misc, and... + +- The `O` (i.e. open-binary) flag is set +- File descriptor 0 is closed when running the executable + +FD 0 is opened to point at the executable and passed as `AT_EXECFD`, which QEMU fails to recognize and leaves open before handing control over to the executable, leading to the program to think stdin is opened for reading its own executable. + +Some use cases rely on closed stdin to behave correctly. For example, this problem causes the `tests/tail/follow-stdin.sh` and `tests/tac/tac-2-nonseekable.sh` tests in GNU coreutils to fail. In any case, having the executable itself be stdin is definitely incorrect and quite surprising behavior. +Steps to reproduce: +1. Set up qemu-riscv64 as binfmt_misc with `qemu-binfmt-conf.sh`, with the `--credential` flag (which enables open-binary) +2. Get a coreutils built for riscv64 (Let's say it can be found in `riscv64-coreutils/bin`) +3. Run it with something like `riscv64-coreutils/bin/cat <&- | xxd | head` (`xxd | head` to catch the binary output) + +The correct behavior is (You can see by running the native `cat <&-`): + +``` +cat: -: Bad file descriptor +cat: closing standard input: Bad file descriptor +``` + +Instead, the executable `cat` itself is dumped to stdout. + +Perhaps slightly more clear is `riscv64-coreutils/bin/ls -l /proc/self/fd <&-` which shows fd 0 unexpectedly pointing to the coreutils executable. +Additional information: +I'm interested in writing a patch to fix this issue but I'm uncertain how to proceed. This is what I've found so far: + +In `linux-user/main.c` if (effectively) `getauxval(AT_EXECFD)` is 0 it's treated as nonexistent. (https://gitlab.com/qemu-project/qemu/-/blob/0d9f1016d43302108d33d1268304a06cc3fb2021/linux-user/main.c#L758-765) + +```c + execfd = qemu_getauxval(AT_EXECFD); + if (execfd == 0) { + execfd = open(exec_path, O_RDONLY); + if (execfd < 0) { + printf("Error while loading %s: %s\n", exec_path, strerror(errno)); + _exit(EXIT_FAILURE); + } + } +``` + +However as we've seen `getauxval(AT_EXECFD)` can have 0 as a valid value. + +`qemu_getauxval` in `util/getauxval.c` implements several strategies to get the auxv, but doesn't currently give a way to distinguish not found and 0. FreeBSD `elf_aux_info` has `EINVAL` and `ENOENT` error codes but it's ignored here. On Linux, glibc sets `errno` to `ENOENT` to distinguish the two cases but only on glibc >= 2.19. Musl's `getauxval` has always had setting `errno` to `ENOENT`. + +Once we add a proper "`AT_EXECFD` doesn't exist" check this will no longer be a problem since (IIUC) `execfd` will eventually be closed after loading. How should we add "not found" support to `qemu_getauxval`? Is just simply relying on libc's `getauxval` setting `errno` okay? diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2460 b/results/classifier/deepseek-r1:32b/output/runtime/2460 new file mode 100644 index 000000000..19cfd6dc9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2460 @@ -0,0 +1,11 @@ + + + +Significant performance degradation of qemu-x86_64 starting from version 3 on aarch64 +Description of problem: +When I ran CoreMark with different qemu user-mode versions,guest x86-64-> host arm64, I found that the performance was highest with QEMU 2.x versions, and there was a significant performance degradation starting from QEMU version 3. What is the reason? + +| | | | | | | | | | | | | +|------------------------------------------|-------------|-------------|-------------|-------------|-------------|-------------|------------|-------------|-------------|-------------|-------------| +| qemu version | 2.5.1 | 2.8.0 | 2.9.0 | 2.9.1 | 3.0.0 | 4.0.0 | 5.2.0 | 6.2.0 | 7.2.13 | 8.2.6 | 9.0.1 | +| coremark score | 3905.995703 | 4465.947153 | 4534.119247 | 4538.577912 | 1167.337886 | 1163.399453 | 928.348384 | 1327.051954 | 1301.659616 | 1034.714677 | 1085.304971 | diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2486 b/results/classifier/deepseek-r1:32b/output/runtime/2486 new file mode 100644 index 000000000..6cd7e0640 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2486 @@ -0,0 +1,15 @@ + + + +RISC-V Regression: QEMU_CPU=f=false,zfinx=true gives misleading error message +Description of problem: +The f extension looks like it should be toggle-able using qemu_cpu since it doesn't throw error messages when specified. +Disabling the extension using f=false does not actually disable it as shown by the zfinx error message. +Eg. Unsupported extension is explicitly rejected +``` +> QEMU_CPU=rv64,j=false ./qemu-riscv64 test.out +qemu-riscv64: can't apply global rv64-riscv-cpu.j=false: Property 'rv64-riscv-cpu.j' not found +``` +Steps to reproduce: +1. Compile any riscv binary like: `int main() {}` +2. Execute using `QEMU_CPU=rv64,zfinx=true,f=false ./qemu-riscv64 test.out` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2505 b/results/classifier/deepseek-r1:32b/output/runtime/2505 new file mode 100644 index 000000000..3eaa737f1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2505 @@ -0,0 +1,4 @@ + + + +Interpreter ELF flags ignored when selecting CPU diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2525 b/results/classifier/deepseek-r1:32b/output/runtime/2525 new file mode 100644 index 000000000..5ba0def18 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2525 @@ -0,0 +1,4 @@ + + + +bFLT triggers accel/tcg/user-exec.c:505: page_set_flags: Assertion `have_mmap_lock()' failed. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2536 b/results/classifier/deepseek-r1:32b/output/runtime/2536 new file mode 100644 index 000000000..afd1e571a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2536 @@ -0,0 +1,4 @@ + + + +Dynamic translation issue of arm instruction VFNMA and VFNMS diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2560 b/results/classifier/deepseek-r1:32b/output/runtime/2560 new file mode 100644 index 000000000..9fb270f27 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2560 @@ -0,0 +1,108 @@ + + + +Go garbage collector crashes when using qemu-x86_64 on an aarch64 host +Description of problem: +Apps compiled for Go and the Go compiler/tool itself crash when they are run with `qemu-x86_64` on an AARCH64 host system. This was not a problem on QEMU 8.2.x (I bisected, see further down). I also seem to recall that Go 1.21 is fine on QEMU 9.x, so maybe some recent change in Go 1.22 + recent changes in QEMU broke something? + +The crash from Go seems to be in the garbage collector, I cannot reproduce the issue when I disable the GC with `GOGC=off`. + +Output from Go when it crashes: + +``` +$ sudo chroot . go build main.go +runtime: lfstack.push invalid packing: node=0xffff6542b2c0 cnt=0x1 packed=0xffff6542b2c00001 -> node=0xffffffff6542b2c0 +fatal error: lfstack.push + +runtime stack: +runtime.throw({0xa95b29?, 0x797b1e2a383c?}) + runtime/panic.go:1023 +0x5c fp=0xc000515f08 sp=0xc000515ed8 pc=0x43c27c +runtime.(*lfstack).push(0x0?, 0xc0005041c0?) + runtime/lfstack.go:29 +0x125 fp=0xc000515f48 sp=0xc000515f08 pc=0x40fd45 +runtime.(*spanSetBlockAlloc).free(...) + runtime/mspanset.go:322 +runtime.(*spanSet).reset(0xf46980) + runtime/mspanset.go:264 +0x79 fp=0xc000515f78 sp=0xc000515f48 pc=0x437219 +runtime.finishsweep_m() + runtime/mgcsweep.go:258 +0x8d fp=0xc000515fb8 sp=0xc000515f78 pc=0x42a6cd +runtime.gcStart.func2() + runtime/mgc.go:685 +0xf fp=0xc000515fc8 sp=0xc000515fb8 pc=0x46e40f +runtime.systemstack(0x0) + runtime/asm_amd64.s:509 +0x4a fp=0xc000515fd8 sp=0xc000515fc8 pc=0x47442a +```` +Steps to reproduce: +0. Use an aarch64 host system! + +1. Set up binfmt to use qemu-x86_64: + +``` +$ cat /proc/sys/fs/binfmt_misc/qemu-x86_64 +enabled +interpreter /usr/bin/qemu-x86_64 +flags: OCF +offset 0 +magic 7f454c4602010100000000000000000002003e00 +mask fffffffffffefe00fffffffffffffffffeffffff +``` + +2. Download/extract x86_64 rootfs: + +``` +$ curl -O https://dl-cdn.alpinelinux.org/alpine/v3.20/releases/x86_64/alpine-minirootfs-3.20.2-x86_64.tar.gz +``` + +3. Create example app in the x86_64 rootfs: + +``` +package main + +func main() { +} +``` + +4. Build using chroot: + +``` +$ sudo chroot /path/to/x86_64/rootfs apk add go +$ sudo chroot /path/to/x86_64/rootfs go build main.go +runtime: lfstack.push invalid packing: node=0xffff6542b2c0 cnt=0x1 packed=0xffff6542b2c00001 -> node=0xffffffff6542b2c0 +fatal error: lfstack.push +... +``` + +5. As noted previously, if the Go garbage collector is disabled, then it works, presumably because it avoids the bug(?) in QEMU: + +``` +$ sudo chroot . env GOGC=off go build main.go +# might have to mount /dev to build successfully, but Go doesn't panic! +``` +Additional information: +I've bisected this exact crash/failure to: + +``` +commit 2952b642a555207748dd961fcbfdc48f198eebb6 +Author: Richard Henderson <richard.henderson@linaro.org> +Date: Tue Feb 13 10:20:27 2024 -1000 + + linux-user: Split out do_munmap + + Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> + Signed-off-by: Richard Henderson <richard.henderson@linaro.org> +``` + +Though a different crash starts happening at the commit before that one: + +``` +commit ad87d26e6bb13257409f412224c862fc54025e8b +Author: Richard Henderson <richard.henderson@linaro.org> +Date: Tue Jan 2 12:57:55 2024 +1100 + + linux-user: Do early mmap placement only for reserved_va + + For reserved_va, place all non-fixed maps then proceed + as for MAP_FIXED. + + Signed-off-by: Richard Henderson <richard.henderson@linaro.org> +``` + +FYI @rth7680 diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2569 b/results/classifier/deepseek-r1:32b/output/runtime/2569 new file mode 100644 index 000000000..2d07cccc8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2569 @@ -0,0 +1,8 @@ + + + +The alpha target doesn't support tcg plugin register tracking due to missing XML +Description of problem: +There is no register tracking because we build our register list based on XML and there was no XML for alpha because its so old. We could synthesise one to cover the register to fix this. +Steps to reproduce: +1. ./qemu-alpha -d plugin -plugin ./contrib/plugins/libexeclog.so,reg=\* ./tests/tcg/alpha-linux-user/hello-alpha diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2580 b/results/classifier/deepseek-r1:32b/output/runtime/2580 new file mode 100644 index 000000000..cdc12b610 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2580 @@ -0,0 +1,15 @@ + + + +qemu-aarch64_be 9.1.0 fails to run any Linux programs due to unreachable in gdb_find_static_feature() +Description of problem: +``` +❯ cat empty.c +void _start() {} +❯ clang empty.c -target aarch64_be-linux -nostdlib -fuse-ld=lld +❯ qemu-aarch64_be ./a.out +** +ERROR:../gdbstub/gdbstub.c:493:gdb_find_static_feature: code should not be reached +Bail out! ERROR:../gdbstub/gdbstub.c:493:gdb_find_static_feature: code should not be reached +fish: Job 1, 'qemu-aarch64_be ./a.out' terminated by signal SIGABRT (Abort) +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2590 b/results/classifier/deepseek-r1:32b/output/runtime/2590 new file mode 100644 index 000000000..94fcd1b86 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2590 @@ -0,0 +1,26 @@ + + + +qemu-x86_64: gdb doesn't read symbols from dynamically linked shared libraries. +Description of problem: +GDB fails to load dynamically linked shared libraries when connecting to qemu-x86_64, causing it to not recognize symbols from the shared libraries. As a result, breakpoints in shared library functions (e.g, `break printf`) do not work. +Steps to reproduce: +1. Start the debug server: `./qemu-x86_64 -g PORT ./x86_64-binary` +2. Connect GDB to the debug server: +``` +$ gdb-multiarch ./x86_64-binary +(gdb) set verbose on +(gdb) target remote :PORT +``` +3. GDB displays a warning and fails to load shared libraries: +``` +(gdb) target remote :PORT +Remote debugging using :PORT +warning: platform-specific solib_create_inferior_hook did not load initial shared libraries. +(gdb) info sharedlibrary +No shared libraries loaded at this time. +``` +Additional information: +This issue does not occur when using gdbserver on a native x86_64 machine and connecting to it from gdb-multiarch on an ARM64 machine, indicating the issue is likely related to QEMU rather than GDB. + +GDB correctly recognizes symbols from the target binary (e.g., the `main` function), and breakpoints at these symbols function as expected. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2596 b/results/classifier/deepseek-r1:32b/output/runtime/2596 new file mode 100644 index 000000000..153a9d456 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2596 @@ -0,0 +1,4 @@ + + + +linux-user elf parsing endianness issue (Invalid note in PT_GNU_PROPERTY) diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2598 b/results/classifier/deepseek-r1:32b/output/runtime/2598 new file mode 100644 index 000000000..0a978ad07 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2598 @@ -0,0 +1,4 @@ + + + +linux-user on riscv64 host: Unable to find a guest_base to satisfy all guest address mapping requirements 00000000-ffffffff diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2606 b/results/classifier/deepseek-r1:32b/output/runtime/2606 new file mode 100644 index 000000000..060630676 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2606 @@ -0,0 +1,201 @@ + + + +PowerPC host code is broken on Darwin +Description of problem: +Existing code is just wrong for Darwin ppc, it won’t compile. Assembler syntax needs to be fixed and likely adjusted to correct ABI. +Steps to reproduce: +1. Run the build of qemu on Darwin ppc, see it fail. +Additional information: +This is a patch I used earlier to fix the build (together with few minor unrelated to powerpc fixes): +``` +--- common-user/host/ppc/safe-syscall.inc.S.orig 2022-04-20 03:10:27.000000000 +0800 ++++ common-user/host/ppc/safe-syscall.inc.S 2023-08-18 18:08:15.000000000 +0800 +@@ -25,17 +25,11 @@ + # else + # error "Unknown ABI" + # endif +-#endif +- +-#ifndef _CALL_SYSV +-# error "Unsupported ABI" + #endif + +- + .global safe_syscall_base + .global safe_syscall_start + .global safe_syscall_end +- .type safe_syscall_base, @function + + .text + +@@ -47,11 +41,8 @@ + * arguments being syscall arguments (also 'long'). + */ + safe_syscall_base: +- .cfi_startproc +- stwu 1, -8(1) +- .cfi_def_cfa_offset 8 +- stw 30, 4(1) +- .cfi_offset 30, -4 ++ stwu r1, -8(r1) ++ stw r30, 4(r1) + + /* + * We enter with r3 == &signal_pending +@@ -64,14 +55,14 @@ + * and returns the result in r3 + * Shuffle everything around appropriately. + */ +- mr 30, 3 /* signal_pending */ +- mr 0, 4 /* syscall number */ +- mr 3, 5 /* syscall arguments */ +- mr 4, 6 +- mr 5, 7 +- mr 6, 8 +- mr 7, 9 +- mr 8, 10 ++ mr r30, r3 /* signal_pending */ ++ mr r0, r4 /* syscall number */ ++ mr r3, r5 /* syscall arguments */ ++ mr r4, r6 ++ mr r5, r7 ++ mr r6, r8 ++ mr r7, r9 ++ mr r8, r10 + + /* + * This next sequence of code works in conjunction with the +@@ -83,25 +74,22 @@ + */ + safe_syscall_start: + /* if signal_pending is non-zero, don't do the call */ +- lwz 12, 0(30) +- cmpwi 0, 12, 0 ++ lwz r12, 0(r30) ++ cmpwi cr0, r12, 0 + bne- 2f + sc + safe_syscall_end: + /* code path when we did execute the syscall */ +- lwz 30, 4(1) /* restore r30 */ +- addi 1, 1, 8 /* restore stack */ +- .cfi_restore 30 +- .cfi_def_cfa_offset 0 ++ lwz r30, 4(r1) /* restore r30 */ ++ addi r1, r1, 8 /* restore stack */ ++ + bnslr+ /* return on success */ + b safe_syscall_set_errno_tail + + /* code path when we didn't execute the syscall */ +-2: lwz 30, 4(1) +- addi 1, 1, 8 +- addi 3, 0, QEMU_ERESTARTSYS ++2: lwz r30, 4(r1) ++ addi r1, r1, 8 ++ addi r3, 0, QEMU_ERESTARTSYS + b safe_syscall_set_errno_tail + +- .cfi_endproc +- + .size safe_syscall_base, .-safe_syscall_base + + +--- common-user/host/ppc64/safe-syscall.inc.S.orig 2022-04-20 03:10:27.000000000 +0800 ++++ common-user/host/ppc64/safe-syscall.inc.S 2022-05-31 13:23:21.000000000 +0800 +@@ -13,7 +13,6 @@ + .global safe_syscall_base + .global safe_syscall_start + .global safe_syscall_end +- .type safe_syscall_base, @function + + .text + +@@ -23,19 +22,10 @@ + * second one the system call number (as a 'long'), and all further + * arguments being syscall arguments (also 'long'). + */ +-#if _CALL_ELF == 2 +-safe_syscall_base: +- .cfi_startproc +- .localentry safe_syscall_base,0 +-#else +- .section ".opd","aw" ++ + .align 3 + safe_syscall_base: +- .quad .L.safe_syscall_base,.TOC.@tocbase,0 +- .previous +-.L.safe_syscall_base: +- .cfi_startproc +-#endif ++ + /* We enter with r3 == &signal_pending + * r4 == syscall number + * r5 ... r10 == syscall arguments +@@ -46,16 +36,15 @@ + * and returns the result in r3 + * Shuffle everything around appropriately. + */ +- std 14, 16(1) /* Preserve r14 in SP+16 */ +- .cfi_offset 14, 16 +- mr 14, 3 /* signal_pending */ +- mr 0, 4 /* syscall number */ +- mr 3, 5 /* syscall arguments */ +- mr 4, 6 +- mr 5, 7 +- mr 6, 8 +- mr 7, 9 +- mr 8, 10 ++ std r14, 16(r1) /* Preserve r14 in SP+16 */ ++ mr r14, r3 /* signal_pending */ ++ mr r0, r4 /* syscall number */ ++ mr r3, r5 /* syscall arguments */ ++ mr r4, r6 ++ mr r5, r7 ++ mr r6, r8 ++ mr r7, r9 ++ mr r8, r10 + + /* This next sequence of code works in conjunction with the + * rewind_if_safe_syscall_function(). If a signal is taken +@@ -66,29 +55,20 @@ + */ + safe_syscall_start: + /* if signal_pending is non-zero, don't do the call */ +- lwz 12, 0(14) +- cmpwi 0, 12, 0 ++ ld r12, 0(r14) ++ cmpdi cr0, r12, 0 + bne- 2f + sc + safe_syscall_end: + /* code path when we did execute the syscall */ +- ld 14, 16(1) /* restore r14 */ ++ ld r14, 16(r1) /* restore r14 */ + bso- 1f + blr + + /* code path when we didn't execute the syscall */ +-2: ld 14, 16(1) /* restore r14 */ +- addi 3, 0, QEMU_ERESTARTSYS ++2: ld r14, 16(r1) /* restore r14 */ ++ addi r3, 0, QEMU_ERESTARTSYS + + /* code path setting errno */ + 1: b safe_syscall_set_errno_tail + nop /* per abi, for the linker to modify */ +- +- .cfi_endproc +- +-#if _CALL_ELF == 2 +- .size safe_syscall_base, .-safe_syscall_base +-#else +- .size safe_syscall_base, .-.L.safe_syscall_base +- .size .L.safe_syscall_base, .-.L.safe_syscall_base +-#endif +``` +(Obviously, it is not made in a portable way – that was not needed at the time.) + +Unfortunately, while build itself worked, the binary crashed on launch. So something is not quite right, maybe with ABI compliance. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/261 b/results/classifier/deepseek-r1:32b/output/runtime/261 new file mode 100644 index 000000000..5e5ce90d0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/261 @@ -0,0 +1,4 @@ + + + +broken signal handling in nios2 user-mode emulation diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2619 b/results/classifier/deepseek-r1:32b/output/runtime/2619 new file mode 100644 index 000000000..785f38446 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2619 @@ -0,0 +1,4 @@ + + + +INTEGER_OVERFLOW in nios2.c diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2628 b/results/classifier/deepseek-r1:32b/output/runtime/2628 new file mode 100644 index 000000000..3a92fac0e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2628 @@ -0,0 +1,23 @@ + + + +dpkg-deb in userspace emulation crashes in compression routine (armv7, aarch64, s390) on some machines +Description of problem: +chroot /scratch/debian-stable/ dpkg-deb -f /var/cache/apt/archives/dpkg_1.21.22_s390x.deb Version + +dpkg-deb: error: subprocess was killed by signal (Aborted), core dumped + +chroot /scratch/debian-stable/ dpkg-deb -f /var/cache/apt/archives/dpkg_1.21.22_arm64.deb Version + +dpkg-deb: error: subprocess was killed by signal (Segmentation fault), core dumped + +chroot /scratch/debian-stable/ dpkg-deb -f /var/cache/apt/archives/dpkg_1.21.22_armhf.deb Version + +dpkg-deb: error: subprocess was killed by signal (Segmentation fault), core dumped +Steps to reproduce: +1. debootstrap --arch=arm64 stable /scratch/debian-stable +2. chroot /scratch/debian-stable/ dpkg-deb -f /var/cache/apt/archives/dpkg_1.21.22_arm64.deb Version +Additional information: +Working environment: Debian 12 x86_64 Linux 6.1.0-25-amd64 qemu 7.2.13 AMD E-450 APU + +chroot can be created on this machine, when transferred to the broken machine (including the qemu binary used for emulation) dpkg cannot extract packages and crashes diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2632 b/results/classifier/deepseek-r1:32b/output/runtime/2632 new file mode 100644 index 000000000..32006cbc2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2632 @@ -0,0 +1,86 @@ + + + +tcg optimization breaking memory access ordering +Description of problem: +The following code creates register dependency between 2 loads, which forces the first load to finish before the second: +``` +movz w0, #0x2 +str w0, [x1] +ldr w2, [x1] +eor w3, w2, w2 +ldr w4, [x5, w3, sxtw] +``` + +While translating it to tcg IR, it keeps this dependency correctly. +But after running tcg optimizations, it optimized the tcg sequence for `eor w3, w2, w2` at `0000000000000144` to `mov_i64 x3,$0x0`. which then removes the dependency between the loads. + +It results in incorrect behavior on the host on a multiple threaded program +Steps to reproduce: +1. +2. +3. +Additional information: +``` +OP: + ld_i32 loc0,env,$0xfffffffffffffff0 + brcond_i32 loc0,$0x0,lt,$L0 + st8_i32 $0x0,env,$0xfffffffffffffff4 + + ---- 0000000000000134 0000000000000000 0000000000000000 + add_i64 x28,x28,$0x2 + + ---- 0000000000000138 0000000000000000 0000000000000000 + mov_i64 x0,$0x2 + + ---- 000000000000013c 0000000000000000 0000000000001c00 + mov_i64 loc3,x1 + mov_i64 loc4,loc3 + qemu_st_a64_i64 x0,loc4,w16+un+leul,2 + + ---- 0000000000000140 0000000000000000 0000000000001c10 + mov_i64 loc5,x1 + mov_i64 loc6,loc5 + qemu_ld_a64_i64 x2,loc6,w16+un+leul,2 + + ---- 0000000000000144 0000000000000000 0000000000000000 + and_i64 loc7,x2,$0xffffffff + xor_i64 x3,x2,loc7 + and_i64 x3,x3,$0xffffffff + + ---- 0000000000000148 0000000000000000 0000000000001c20 + mov_i64 loc9,x5 + mov_i64 loc10,x3 + ext32s_i64 loc10,loc10 + add_i64 loc9,loc9,loc10 + mov_i64 loc11,loc9 + qemu_ld_a64_i64 x4,loc11,w16+un+leul,2 + st8_i32 $0x1,env,$0xfffffffffffffff4 +``` + + +``` +OP after optimization and liveness analysis: + ld_i32 tmp0,env,$0xfffffffffffffff0 pref=0xffffffff + brcond_i32 tmp0,$0x0,lt,$L0 dead: 0 + st8_i32 $0x0,env,$0xfffffffffffffff4 dead: 0 + + ---- 0000000000000134 0000000000000000 0000000000000000 + add_i64 x28,x28,$0x2 sync: 0 dead: 0 1 pref=0xffffffff + + ---- 0000000000000138 0000000000000000 0000000000000000 + mov_i64 x0,$0x2 sync: 0 dead: 0 pref=0xffffffff + + ---- 000000000000013c 0000000000000000 0000000000001c00 + qemu_st_a64_i64 $0x2,x1,w16+un+leul,2 dead: 0 + + ---- 0000000000000140 0000000000000000 0000000000001c10 + qemu_ld_a64_i64 x2,x1,w16+un+leul,2 sync: 0 dead: 0 1 pref=0xffffffff + + ---- 0000000000000144 0000000000000000 0000000000000000 + mov_i64 x3,$0x0 sync: 0 dead: 0 1 pref=0xffffffff + + ---- 0000000000000148 0000000000000000 0000000000001c20 + qemu_ld_a64_i64 x4,x5,w16+un+leul,2 sync: 0 dead: 0 1 pref=0xffffffff + st8_i32 $0x1,env,$0xfffffffffffffff4 dead: 0 +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2647 b/results/classifier/deepseek-r1:32b/output/runtime/2647 new file mode 100644 index 000000000..ac6622d86 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2647 @@ -0,0 +1,50 @@ + + + +A code error in accel/tcg/user-exec.c +Description of problem: +accel/tcg/user-exec.c: +``` +static int probe_access_internal(CPUArchState *env, vaddr addr, + int fault_size, MMUAccessType access_type, + bool nonfault, uintptr_t ra) +{ + int acc_flag; + bool maperr; + + switch (access_type) { + case MMU_DATA_STORE: + acc_flag = PAGE_WRITE_ORG; + break; + case MMU_DATA_LOAD: + acc_flag = PAGE_READ; + break; + case MMU_INST_FETCH: + acc_flag = PAGE_EXEC; + break; + default: + g_assert_not_reached(); + } + + if (guest_addr_valid_untagged(addr)) { + int page_flags = page_get_flags(addr); + if (page_flags & acc_flag) { + if ((acc_flag == PAGE_READ || acc_flag == PAGE_WRITE) + && cpu_plugin_mem_cbs_enabled(env_cpu(env))) { + return TLB_MMIO; + } + return 0; /* success */ + } + maperr = !(page_flags & PAGE_VALID); + } else { + maperr = true; + } + + if (nonfault) { + return TLB_INVALID_MASK; + } + + cpu_loop_exit_sigsegv(env_cpu(env), addr, access_type, maperr, ra); +} +``` +The conditional judgment "acc_flag == PAGE_WRITE" seems to have an issue, because acc_flag can only be PAGE_WRITE_ORG, PAGE_READ or PAGE_EXEC from the previous code. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2655 b/results/classifier/deepseek-r1:32b/output/runtime/2655 new file mode 100644 index 000000000..eb6ceccef --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2655 @@ -0,0 +1,42 @@ + + + +A problem in target/riscv/vector_helper.c: vext_ldff() +Description of problem: +I‘m confused about a behavior in function vext_ldff() in target/riscv/vector_helper.c: +``` +static inline void +vext_ldff(...) +{ +... + for (i = env->vstart; i < env->vl; i++) { +... + if (i == 0) { + probe_pages(env, addr, nf << log2_esz, ra, MMU_DATA_LOAD); + } else { +... + flags = probe_access_flags(env, addr, offset, MMU_DATA_LOAD, + mmu_index, true, &host, 0); +... + if (flags & ~TLB_WATCHPOINT) { + vl = i; + goto ProbeSuccess; + } +... + } + } +ProbeSuccess: +... +} +``` +If the current instruction has a memory callback by plugin, the function probe_access_flags() will return TLB_MMIO when the page is exist. + +In this case, the function will always set vl to 1, goto ProbeSuccess, and only load the first element. Does it meet expectations? + +This problem occurred in both linux-user mode and full-system mode. + +Maybe we can add extra parameter to probe_access_flags(), in order to change the behavior of inner functions. +Steps to reproduce: +1. Make a binary with instruction vle(x)ff.v, what I am using is https://github.com/chipsalliance/riscv-vector-tests. +2. Write a plugin to add memory callbacks. +3. Observe the behavior of the function. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2672 b/results/classifier/deepseek-r1:32b/output/runtime/2672 new file mode 100644 index 000000000..00d274700 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2672 @@ -0,0 +1,23 @@ + + + +Skipping a jal instruction in riscv64 baremetal emulation +Description of problem: +The binary contains an illegal instruction after a jal. Normally the jal should be taken but the illegal instructi[aia_tests2.elf](/uploads/b8b646b01d7bcc15b51c36ddbffacac7/aia_tests2.elf)on next to the jal is executed generating and illegal instruction exception: + +``` +0x80006070: 00200513 addi a0,zero,2 +0x80006074: 89cff0ef jal ra,-3940 # 0x80005110 + +---------------- +IN: _Z15int_switch_modehh +0x80006078: 0000 illegal + +---------------- +IN: mtvec_table +0x8000e600: 64d0406f j 20044 # 0x8001344c +``` +Steps to reproduce: +1. Execute the same binary with QEMU. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2683 b/results/classifier/deepseek-r1:32b/output/runtime/2683 new file mode 100644 index 000000000..d39a01af4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2683 @@ -0,0 +1,42 @@ + + + +TCG: probe_access() has inconsistent behavior +Description of problem: +In full-system mode, probe_access() will return NULL when the flag is TLB_MMIO. + +accel/tcg/cputlb.c: probe_access_internal() +``` + if (unlikely(flags & ~(TLB_WATCHPOINT | TLB_NOTDIRTY | TLB_CHECK_ALIGNED)) + || (access_type != MMU_INST_FETCH && force_mmio)) { + *phost = NULL; + return TLB_MMIO; + } +``` +But in linux-user mode, it will return correct address when the flag is TLB_MMIO. + +accel/tcg/user-exec.c: probe_access() +``` + return size ? g2h(env_cpu(env), addr) : NULL; +``` +This will lead to some different behaviors, like cbo.zero in RISC-V. + +target/riscv/op_helper.c: helper_cbo_zero() +``` + mem = probe_write(env, address, cbozlen, mmu_idx, ra); + + if (likely(mem)) { + memset(mem, 0, cbozlen); + } else { + for (int i = 0; i < cbozlen; i++) { + cpu_stb_mmuidx_ra(env, address + i, 0, mmu_idx, ra); + } + } +``` +When the current instruction has memory callback by plugin: + +Full-system mode uses slow-path(cpu_stb_mmuidx_ra) and inject mem_cbs correctly. + +Linux-user mode uses fast-path(memset) and doesn't inject callbacks. + +To ensure consistent results, probe_access() should return NULL when the flag is TLB_MMIO in linux-user mode. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2730 b/results/classifier/deepseek-r1:32b/output/runtime/2730 new file mode 100644 index 000000000..7d94e5a01 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2730 @@ -0,0 +1,13 @@ + + + +riscv Calculation error! +Steps to reproduce: +The following command will produce an error output + +```asm + lui s0, 0x80000 + lw a1, -48(s0) +``` +The value of a1 becomes 0xffffffff + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2738 b/results/classifier/deepseek-r1:32b/output/runtime/2738 new file mode 100644 index 000000000..0af803764 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2738 @@ -0,0 +1,13 @@ + + + +golang 1.23 build hangs when running under qemu-user on x86_64 host +Description of problem: +Forwarded from https://github.com/golang/go/issues/70329. + +# +Steps to reproduce: +1. Setup qemu-user binfmt for a foreign ISA, for example, installs qemu-user-static-aarch64 on Fedora. +2. Build the Dockerfile for specified arch: `podman build --arch aarch64 .` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/275 b/results/classifier/deepseek-r1:32b/output/runtime/275 new file mode 100644 index 000000000..e7650ebec --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/275 @@ -0,0 +1,4 @@ + + + +Error in user-mode calculation of ELF aux vector's AT_PHDR diff --git a/results/classifier/deepseek-r1:32b/output/runtime/276 b/results/classifier/deepseek-r1:32b/output/runtime/276 new file mode 100644 index 000000000..b44725302 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/276 @@ -0,0 +1,4 @@ + + + +Error in user-mode calculation of ELF program's brk diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2761 b/results/classifier/deepseek-r1:32b/output/runtime/2761 new file mode 100644 index 000000000..83689da66 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2761 @@ -0,0 +1,11 @@ + + + +Emulation of x86_64 binary on ARM64 fails with "Unable to find a guest_base to satisfy all guest address mapping requirements" +Description of problem: +Virtualisation fails with error "Unable to find a guest_base to satisfy all guest address mapping requirements" + +``` +file /nix/store/razasrvdg7ckplfmvdxv4ia3wbayr94s-bootstrap-tools/bin/bash +/nix/store/razasrvdg7ckplfmvdxv4ia3wbayr94s-bootstrap-tools/bin/bash: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /nix/store/razasrvdg7ckplfmvdxv4ia3wbayr94s-bootstrap-tools/lib/ld-linux-x86-64.so.2, for GNU/Linux 3.10.0, BuildID[sha1]=2938b076ebbc4ea582b8eb1ea5c3f65d7a1b6261, stripped +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/280 b/results/classifier/deepseek-r1:32b/output/runtime/280 new file mode 100644 index 000000000..a52d19ece --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/280 @@ -0,0 +1,4 @@ + + + +(ARM64) qemu-x86_64+schroot(Debian bullseye) can't run chrome and can't load HTML diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2802 b/results/classifier/deepseek-r1:32b/output/runtime/2802 new file mode 100644 index 000000000..e174b9b20 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2802 @@ -0,0 +1,29 @@ + + + +Sparc: fdtox/fqtox instructions incorrectly select destination register +Description of problem: +This bug report is mostly for informational purposes as I will be posting a fix for the bug. + +The `fdtox` and `fqtox` instructions incorrectly select the destination register when the destination register is higher than `f31`. +Steps to reproduce: +1. Install Sparc cross compiler `gcc-12-sparc64-linux-gnu`(in Debian) +2. Compile the test program using `sparc64-linux-gnu-gcc-12 -m64 -o test_program -static test_program.c` +3. Run the test program using `qemu-sparc64-static ./test_program` +4. Expected output is 60. Prints 0 instead. +Additional information: +Test program to test the issue: + +```c +#include <stdio.h> + +int main(int argc, char** argv) { + long long truncated = 0; + __asm__("fdtox %0,%%f32\n\t" :: "f"(60.0)); + __asm__("fmovd %%f32,%0\n\t" : "=f"(truncated)); + printf("%lld\n", truncated); + return 0; +} +``` + +The issue is caused by the commit 0bba7572d4. Where certain changes were made in the way destination registers are selected(moving the DFPREG/QFPREG to decodetree). diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2815 b/results/classifier/deepseek-r1:32b/output/runtime/2815 new file mode 100644 index 000000000..4236102b4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2815 @@ -0,0 +1,4 @@ + + + +clang 17 and newer -fsanitize=function causes QEMU user-mode to SEGV when calling TCG prologue diff --git a/results/classifier/deepseek-r1:32b/output/runtime/2846 b/results/classifier/deepseek-r1:32b/output/runtime/2846 new file mode 100644 index 000000000..e2a6268f1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/2846 @@ -0,0 +1,4 @@ + + + +linux-user hangs if fd_trans_lock is held during fork diff --git a/results/classifier/deepseek-r1:32b/output/runtime/311 b/results/classifier/deepseek-r1:32b/output/runtime/311 new file mode 100644 index 000000000..ff15261db --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/311 @@ -0,0 +1,4 @@ + + + +qemu user mode: rt signals not implemented for sparc guests diff --git a/results/classifier/deepseek-r1:32b/output/runtime/333 b/results/classifier/deepseek-r1:32b/output/runtime/333 new file mode 100644 index 000000000..674954ef0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/333 @@ -0,0 +1,4 @@ + + + +random errors on aarch64 when executing __aarch64_cas8_acq_rel diff --git a/results/classifier/deepseek-r1:32b/output/runtime/355 b/results/classifier/deepseek-r1:32b/output/runtime/355 new file mode 100644 index 000000000..8286c0d0f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/355 @@ -0,0 +1,4 @@ + + + +A possible divide by zero bug in get_whole_cluster diff --git a/results/classifier/deepseek-r1:32b/output/runtime/361 b/results/classifier/deepseek-r1:32b/output/runtime/361 new file mode 100644 index 000000000..afcbbb584 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/361 @@ -0,0 +1,4 @@ + + + +-cpu host results in unsupported AVX512 instructions diff --git a/results/classifier/deepseek-r1:32b/output/runtime/385 b/results/classifier/deepseek-r1:32b/output/runtime/385 new file mode 100644 index 000000000..1b07af179 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/385 @@ -0,0 +1,4 @@ + + + +ARM user regression since 87b74e8b6edd287ea2160caa0ebea725fa8f1ca1 diff --git a/results/classifier/deepseek-r1:32b/output/runtime/419 b/results/classifier/deepseek-r1:32b/output/runtime/419 new file mode 100644 index 000000000..f9d5b396d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/419 @@ -0,0 +1,4 @@ + + + +bsd-user dumps core for all binaries emulated diff --git a/results/classifier/deepseek-r1:32b/output/runtime/442 b/results/classifier/deepseek-r1:32b/output/runtime/442 new file mode 100644 index 000000000..ea8a9a235 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/442 @@ -0,0 +1,4 @@ + + + +Firebird crashes on qemu-m68k-user with pthread_mutex_init error diff --git a/results/classifier/deepseek-r1:32b/output/runtime/447 b/results/classifier/deepseek-r1:32b/output/runtime/447 new file mode 100644 index 000000000..ab1490919 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/447 @@ -0,0 +1,4 @@ + + + +qemu-arm: Unable to reserve 0xffff0000 bytes of virtual address space at 0x1000 (Success) for use as guest address space (check yourvirtual memory ulimit setting, min_mmap_addr or reserve less using -R option) diff --git a/results/classifier/deepseek-r1:32b/output/runtime/514 b/results/classifier/deepseek-r1:32b/output/runtime/514 new file mode 100644 index 000000000..76794e17a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/514 @@ -0,0 +1,28 @@ + + + +MTE reports false positive for "str" instruction with the SP as the base register. +Description of problem: +When PE executes "sp"-based store instruction with offset I got tag check fault exception. But according to arm spec. load or store that uses "sp" register should generate Tag Unchecked access. +Steps to reproduce: +Clang version: clang version 12.0.1. +I compiled my code using "-target aarch64-linux -march=armv8+memtag -fsanitize=memtag" for Clang. Clang generates following code: +``` +0000000000000c14 <test_func>: + c14: a9bc7bfd stp x29, x30, [sp, #-64]! + c18: f9000bf7 str x23, [sp, #16] + ... +``` +Whole stack was mapped in translation tables as Tagged memory."SCTLR" register was configured to trigger synchronous exception on tag mismatch. +When cpu executes firs instruction "stp x29, x30, [sp, #-64]!" I got tag check fault exception: "0b010001 When FEAT_MTE is implemented Synchronous Tag Check Fault": +ESR_EL1=0x96000051. + +According to ARM specification load or store that uses "sp" register should generate Tag Unchecked access: +``` +A Tag Unchecked access will be generated for a load or store that uses either of the following: +• A base register only, with the SP as the base register. +• A base register plus immediate offset addressing form, with the SP as the base register. +``` +Looks like qemu erroneously generates tag mismatch exceptions for SP-based loads and stores with immediate offset. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/runtime/562107 b/results/classifier/deepseek-r1:32b/output/runtime/562107 new file mode 100644 index 000000000..89ee18571 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/562107 @@ -0,0 +1,15 @@ + + + +QEmu GDB stub uses IPv6 instead of v4 (or both) + +This bug has been reported by several people already. + +See http://migeel.sk/blog/2009/04/21/gdb-and-qemu-on-windows/ +and http://qemu-forum.ipi.fi/viewtopic.php?f=5&t=5579&p=16248&hilit=gdb+ipv6#p16248 + + +Seems like a very easy fix. + +Regards, +Matthijs ter Woord \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/616 b/results/classifier/deepseek-r1:32b/output/runtime/616 new file mode 100644 index 000000000..3aa0af141 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/616 @@ -0,0 +1,110 @@ + + + +overflow condition code determined incorrectly after addition on s390x +Description of problem: +The following program foo.c +[foo.c](/uploads/78f5f799af6e3c400a6a42634f3f0e63/foo.c) + +``` +#include <stdio.h> + +int overflow_32 (int x, int y) +{ + int sum; + return ! __builtin_add_overflow (x, y, &sum); +} + +int overflow_64 (long long x, long long y) +{ + long sum; + return ! __builtin_add_overflow (x, y, &sum); +} + +int a1 = -2147483648; +int b1 = -2147483648; +long long a2 = -9223372036854775808L; +long long b2 = -9223372036854775808L; + +int main () +{ + { + int a = a1; + int b = b1; + printf ("a = 0x%x, b = 0x%x\n", a, b); + printf ("no_overflow = %d\n", overflow_32 (a, b)); + } + { + long long a = a2; + long long b = b2; + printf ("a = 0x%llx, b = 0x%llx\n", a, b); + printf ("no_overflow = %d\n", overflow_64 (a, b)); + } +} +``` + +should print + +``` +a = 0x80000000, b = 0x80000000 +no_overflow = 0 +a = 0x8000000000000000, b = 0x8000000000000000 +no_overflow = 0 +``` + +However, when compiled as an s390x program and executed through +qemu 6.1.0 (Linux user-mode), it prints 'no_overflow = 1' twice. + +``` +$ s390x-linux-gnu-gcc-10 --version +s390x-linux-gnu-gcc-10 (Ubuntu 10.3.0-1ubuntu1~20.04) 10.3.0 +``` + +``` +$ s390x-linux-gnu-gcc-10 -static foo.c +$ ~/inst-qemu/6.1.0/bin/qemu-s390x a.out +a = 0x80000000, b = 0x80000000 +no_overflow = 1 +a = 0x8000000000000000, b = 0x8000000000000000 +no_overflow = 1 +``` + +``` +$ s390x-linux-gnu-gcc-10 -O2 -static foo.c +$ ~/inst-qemu/6.1.0/bin/qemu-s390x a.out +a = 0x80000000, b = 0x80000000 +no_overflow = 1 +a = 0x8000000000000000, b = 0x8000000000000000 +no_overflow = 1 +``` + +The code generated by 's390x-linux-gnu-gcc-10 -O2' makes use of the +'o' (overflow / ones) condition code: + +``` +overflow_64: + lgr %r1,%r2 ;; copy a into %r1 + lghi %r2,0 + agr %r1,%r3 ;; add a and b + bnor %r14 ;; if no overflow, return %r2 = 0 + lghi %r2,1 + br %r14 ;; otherwise, return %r2 = 1 +``` + +Either the bug is in GCC, that is, GCC produces code that uses the CPU's +overflow condition code when it shouldn't. + +Or the bug is in QEMU, that is, QEMU does not set the overflow condition +code correctly. + +This can be decided by running the above program on real Linux/s390x hardware +(to which I don't have access). +Steps to reproduce: +[foo.static.s390x](/uploads/ac41abf4c54baf9ca96ba82d75a24ad6/foo.static.s390x) +(foo.static.s390x is attached, the result of "s390x-linux-gnu-gcc-10 -static -O2 foo.c -o foo.static.s390x") + +1. `qemu-s390x foo.static.s390x` +Additional information: +If the bug is really in QEMU, the attached patch fixes it. + +[0001-s390x-Fix-determination-of-overflow-condition-code-a.patch](/uploads/552917079ccd25f1861d682fc9dee3e8/0001-s390x-Fix-determination-of-overflow-condition-code-a.patch) diff --git a/results/classifier/deepseek-r1:32b/output/runtime/633 b/results/classifier/deepseek-r1:32b/output/runtime/633 new file mode 100644 index 000000000..efbea0762 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/633 @@ -0,0 +1,35 @@ + + + +i686-arm-user-static - Allocating guest commpage: Operation not permitted +Steps to reproduce: +1. Run the test case linked earlier. +2. You'll see `apt update` failing: + +``` +Get:1 http://archive.raspberrypi.org/debian buster InRelease [32.6 kB] +Get:2 http://raspbian.raspberrypi.org/raspbian buster InRelease [15.0 kB] +Err:1 http://archive.raspberrypi.org/debian buster InRelease + At least one invalid signature was encountered. +Err:2 http://raspbian.raspberrypi.org/raspbian buster InRelease + At least one invalid signature was encountered. +Reading package lists... Done +W: GPG error: http://archive.raspberrypi.org/debian buster InRelease: At least one invalid signature was encountered. +E: The repository 'http://archive.raspberrypi.org/debian buster InRelease' is not signed. +N: Updating from such a repository can't be done securely, and is therefore disabled by default. +N: See apt-secure(8) manpage for repository creation and user configuration details. +W: GPG error: http://raspbian.raspberrypi.org/raspbian buster InRelease: At least one invalid signature was encountered. +E: The repository 'http://raspbian.raspberrypi.org/raspbian buster InRelease' is not signed. +N: Updating from such a repository can't be done securely, and is therefore disabled by default. +N: See apt-secure(8) manpage for repository creation and user configuration details. +``` +Additional information: +Setting `sysctl vm.mmap_min_addr=53248` makes it work (as opposed to the system default of 65536). + +Bisecting the bug linked earlier also breaks this in a slightly different way. Everything works at 87b74e8b6edd287ea2160caa0ebea725fa8f1ca1. After that, apt update appears to work, but the package lists end up empty, so nothing can be installed. Then after 975ac4559c4c00010e05f7a3e782eeb9497837ea, the output is as provided above. + +apt launches /usr/lib/apt/methods/gpgv and passes it some commands through stdin. gpgv launches /usr/bin/apt-key, which fails with `Allocating guest commpage: Operation not permitted`. Running gpgv directly and sending the same commands works without any issues. The problem only occurs when gpgv is run through apt. (I don't meant the normal system gpgv binary, but the transport method binary that comes with apt) + +Getting any output is tricky because by the time apt-key is launched, gpgv redirects stdout and stderr to /dev/null and communication takes place through fd 3. https://salsa.debian.org/apt-team/apt/-/blob/2.2.4/apt-pkg/contrib/gpgv.cc#L355 https://salsa.debian.org/apt-team/apt/-/blob/main/methods/gpgv.cc#L186 + +I had to do some ugly things with different versions of qemu and wrapper scripts to see the commpage error, but hopefully there's enough information provided here that it won't be necessary. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/645662 b/results/classifier/deepseek-r1:32b/output/runtime/645662 new file mode 100644 index 000000000..50426a819 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/645662 @@ -0,0 +1,43 @@ + + + +QEMU x87 emulation of trig and other complex ops is only at 64-bit precision, not 80-bit + +When doing the regression tests for Python 3.1.2 with Qemu 0.12.5, (Linux version 2.6.26-2-686 (Debian 2.6.26-25lenny1)), +gcc (Debian 4.3.2-1.1) 4.3.2, Python compiled from sources within qemu, +3 math tests fail, apparently because the floating point unit is buggy. Qmeu was compiled from original sources +on Debian Lenny with kernel 2.6.34.6 from kernel.org, gcc (Debian 4.3.2-1.1) 4.3. + +Regression testing errors: + +test_cmath +test test_cmath failed -- Traceback (most recent call last): + File "/root/tools/python3/Python-3.1.2/Lib/test/test_cmath.py", line 364, in + self.fail(error_message) +AssertionError: acos0034: acos(complex(-1.0000000000000002, 0.0)) +Expected: complex(3.141592653589793, -2.1073424255447014e-08) +Received: complex(3.141592653589793, -2.1073424338879928e-08) +Received value insufficiently close to expected value. + + +test_float +test test_float failed -- Traceback (most recent call last): + File "/root/tools/python3/Python-3.1.2/Lib/test/test_float.py", line 479, in + self.assertEqual(s, repr(float(s))) +AssertionError: '8.72293771110361e+25' != '8.722937711103609e+25' + + +test_math +test test_math failed -- multiple errors occurred; run in verbose mode for deta + +=> + +runtests.sh -v test_math + +le01:~/tools/python3/Python-3.1.2# ./runtests.sh -v test_math +test_math BAD + 1 BAD + 0 GOOD + 0 SKIPPED + 1 total +le01:~/tools/python3/Python-3.1.2# \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/693 b/results/classifier/deepseek-r1:32b/output/runtime/693 new file mode 100644 index 000000000..30224262f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/693 @@ -0,0 +1,13 @@ + + + +Qemu increased memory usage with TCG +Description of problem: +The issue is that instances that are supposed to use only a small amount of memory (like 256MB) suddenly use a much higher amount of RSS when running the accel=tcg, around 512MB in the above example. This was not happening with qemu-4.2 (on Ubuntu 20.04). This is also not happening when using accel=kvm instead. The issue has been first noticed on Debian 11 (Bullseye) with the versions above, but it is happening in the same way on Centos 8 Stream, Ubuntu 21.10 and a pre-release version of Ubuntu 22.04. It also also seen when testing with qemu-6.1 built from source. +Steps to reproduce: +1. Deploy devstack (https://opendev.org/openstack/devstack) with VIRT_TYPE=qemu on a VM +2. Start an instance with cirros image and a flavor allocating 256MB +3. Do a ps and see a RSS size of about 512MB being used after the instance has finished booting +4. Expected result (seen with qemu-4.2 or VIRT_TYPE=kvm): RSS stays < 256MB +Additional information: +I can try to find a smaller commandline for manual reproduction if needed. The above sample is generated by OpenStack Nova via libvirt. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/695 b/results/classifier/deepseek-r1:32b/output/runtime/695 new file mode 100644 index 000000000..9b14ae6c3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/695 @@ -0,0 +1,4 @@ + + + +MIPS: nanomips p32 ABI not supported diff --git a/results/classifier/deepseek-r1:32b/output/runtime/697 b/results/classifier/deepseek-r1:32b/output/runtime/697 new file mode 100644 index 000000000..35cb85c47 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/697 @@ -0,0 +1,4 @@ + + + +linux-user create default CPU type before parsing the ELF header for specific CPU type diff --git a/results/classifier/deepseek-r1:32b/output/runtime/698 b/results/classifier/deepseek-r1:32b/output/runtime/698 new file mode 100644 index 000000000..358550753 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/698 @@ -0,0 +1,361 @@ + + + +linux-user: emulated process reading /proc/self/mem doesn't see guest view of memory map +Description of problem: +QEMU user-mode emulation of a 32-bit guest on a 64-bit host doesn't seem to emulate `/proc/self/mem` (or `/proc/$pid/mem`) correctly. Based on the contents of `/proc/self/maps`, there seems to be some sort of address translation happening that `/proc/self/mem` doesn't honor. + +The following source file: + +```c +#include <fcntl.h> +#include <inttypes.h> +#include <stdbool.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <unistd.h> +#include <sys/wait.h> + +static const char string[] = "Hello, world!\n"; + +static bool copy_to_stdout(const char *path) +{ + bool success = false; + + int fd = open(path, O_RDONLY); + if (fd < 0) { + perror("open"); + return false; + } + + char buf[16 * 1024]; + while (true) { + ssize_t bytes_read = read(fd, buf, sizeof(buf)); + if (bytes_read == 0) { + success = true; + goto out; + } else if (bytes_read < 0) { + perror("read"); + goto out; + } + ssize_t bytes_written = 0; + while (bytes_written < bytes_read) { + ssize_t ret = write(STDOUT_FILENO, buf + bytes_written, + bytes_read - bytes_written); + if (ret < 0) { + perror("write"); + goto out; + } + bytes_written += ret; + } + } + +out: + close(fd); + return success; +} + +static bool dump_maps(void) +{ + printf("Maps read by self:\n"); + fflush(stdout); + if (!copy_to_stdout("/proc/self/maps")) + return false; + + printf("\nMaps read by child process:\n"); + fflush(stdout); + pid_t pid = fork(); + if (pid < 0) { + perror("fork"); + return false; + } + if (pid == 0) { + char parent_maps[32]; + sprintf(parent_maps, "/proc/%u/maps", (unsigned int)getppid()); + if (copy_to_stdout(parent_maps)) + _exit(EXIT_SUCCESS); + else + _exit(EXIT_FAILURE); + } + int wstatus; + if (waitpid(pid, &wstatus, 0) < 0 || + !WIFEXITED(wstatus) || WEXITSTATUS(wstatus) != EXIT_SUCCESS) + return false; + + printf("\n"); + return true; +} + +int main(void) +{ + if (!dump_maps()) + return EXIT_FAILURE; + + int fd = open("/proc/self/mem", O_RDONLY); + if (fd < 0) { + perror("open: /proc/self/mem"); + return EXIT_FAILURE; + } + + char buf[sizeof(string)]; + printf("Reading %zu bytes from %p (%" PRIuPTR ") to %p of PID %u\n", + sizeof(buf), string, (uintptr_t)string, buf, + (unsigned int)getpid()); + fflush(stdout); + + if (pread(fd, buf, sizeof(buf), (uintptr_t)string) < 0) { + perror("pread: /proc/self/mem"); + return EXIT_FAILURE; + } + + if (memcmp(buf, string, sizeof(buf)) != 0) { + fprintf(stderr, "buffer doesn't match\n"); + return EXIT_FAILURE; + } + + return EXIT_SUCCESS; +} +``` + +when compiled for 32-bit ARM produces the following output: + +``` +Maps read by self: +10000-7c000 r-xp 00000000 00:19 8275924 /home/osandov/repro +7c000-8b000 ---p 00000000 00:00 0 +8b000-8c000 r--p 0006b000 00:19 8275924 /home/osandov/repro +8c000-8d000 rw-p 0006c000 00:19 8275924 /home/osandov/repro +8d000-b0000 rw-p 00000000 00:00 0 +3ffff000-40000000 r-xp 00000000 00:00 0 +40000000-40001000 ---p 00000000 00:00 0 +40001000-40801000 rw-p 00000000 00:00 0 [stack] + +Maps read by child process: +00010000-00020000 ---p 00000000 00:00 0 +00020000-0008c000 r--p 00000000 00:19 8275924 /home/osandov/repro +0008c000-0009b000 ---p 00000000 00:00 0 +0009b000-0009c000 r--p 0006b000 00:19 8275924 /home/osandov/repro +0009c000-0009d000 rw-p 0006c000 00:19 8275924 /home/osandov/repro +0009d000-000c0000 rw-p 00000000 00:00 0 +000c0000-4000f000 ---p 00000000 00:00 0 +4000f000-40010000 r--p 00000000 00:00 0 +40010000-40011000 ---p 00000000 00:00 0 +40011000-40811000 rw-p 00000000 00:00 0 +40811000-100000000 ---p 00000000 00:00 0 +100000000-100001000 r--p 00000000 00:00 0 +5636dd7a2000-5636dd8a4000 r--p 00000000 00:19 8270028 /home/osandov/repos/qemu/build/qemu-arm +5636dd8a4000-5636ddb13000 r-xp 00102000 00:19 8270028 /home/osandov/repos/qemu/build/qemu-arm +5636ddb13000-5636ddf69000 r--p 00371000 00:19 8270028 /home/osandov/repos/qemu/build/qemu-arm +5636ddf6a000-5636ddfe7000 r--p 007c7000 00:19 8270028 /home/osandov/repos/qemu/build/qemu-arm +5636ddfe7000-5636ddff3000 rw-p 00844000 00:19 8270028 /home/osandov/repos/qemu/build/qemu-arm +5636ddff3000-5636de010000 rw-p 00000000 00:00 0 +5636df67b000-5636df80c000 rw-p 00000000 00:00 0 [heap] +7f3008000000-7f300ffff000 rwxp 00000000 00:00 0 +7f300ffff000-7f3010000000 ---p 00000000 00:00 0 +7f3010000000-7f3010021000 rw-p 00000000 00:00 0 +7f3010021000-7f3014000000 ---p 00000000 00:00 0 +7f3017119000-7f301719a000 rw-p 00000000 00:00 0 +7f301719a000-7f301719b000 ---p 00000000 00:00 0 +7f301719b000-7f30179a1000 rw-p 00000000 00:00 0 +7f30179a1000-7f30179a3000 r--p 00000000 00:19 3660771 /usr/lib/libffi.so.8.1.0 +7f30179a3000-7f30179a9000 r-xp 00002000 00:19 3660771 /usr/lib/libffi.so.8.1.0 +7f30179a9000-7f30179ab000 r--p 00008000 00:19 3660771 /usr/lib/libffi.so.8.1.0 +7f30179ab000-7f30179ac000 r--p 00009000 00:19 3660771 /usr/lib/libffi.so.8.1.0 +7f30179ac000-7f30179ad000 rw-p 0000a000 00:19 3660771 /usr/lib/libffi.so.8.1.0 +7f30179ad000-7f30179be000 r--p 00000000 00:19 1476709 /usr/lib/libgmp.so.10.4.1 +7f30179be000-7f3017a32000 r-xp 00011000 00:19 1476709 /usr/lib/libgmp.so.10.4.1 +7f3017a32000-7f3017a49000 r--p 00085000 00:19 1476709 /usr/lib/libgmp.so.10.4.1 +7f3017a49000-7f3017a4a000 ---p 0009c000 00:19 1476709 /usr/lib/libgmp.so.10.4.1 +7f3017a4a000-7f3017a4c000 r--p 0009c000 00:19 1476709 /usr/lib/libgmp.so.10.4.1 +7f3017a4c000-7f3017a4d000 rw-p 0009e000 00:19 1476709 /usr/lib/libgmp.so.10.4.1 +7f3017a4d000-7f3017a56000 r--p 00000000 00:19 2871144 /usr/lib/libhogweed.so.6.4 +7f3017a56000-7f3017a69000 r-xp 00009000 00:19 2871144 /usr/lib/libhogweed.so.6.4 +7f3017a69000-7f3017a93000 r--p 0001c000 00:19 2871144 /usr/lib/libhogweed.so.6.4 +7f3017a93000-7f3017a95000 r--p 00045000 00:19 2871144 /usr/lib/libhogweed.so.6.4 +7f3017a95000-7f3017a96000 rw-p 00047000 00:19 2871144 /usr/lib/libhogweed.so.6.4 +7f3017a96000-7f3017a98000 rw-p 00000000 00:00 0 +7f3017a98000-7f3017aa4000 r--p 00000000 00:19 2871147 /usr/lib/libnettle.so.8.4 +7f3017aa4000-7f3017ac5000 r-xp 0000c000 00:19 2871147 /usr/lib/libnettle.so.8.4 +7f3017ac5000-7f3017adb000 r--p 0002d000 00:19 2871147 /usr/lib/libnettle.so.8.4 +7f3017adb000-7f3017adc000 ---p 00043000 00:19 2871147 /usr/lib/libnettle.so.8.4 +7f3017adc000-7f3017ade000 r--p 00043000 00:19 2871147 /usr/lib/libnettle.so.8.4 +7f3017ade000-7f3017adf000 rw-p 00045000 00:19 2871147 /usr/lib/libnettle.so.8.4 +7f3017adf000-7f3017ae2000 r--p 00000000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1 +7f3017ae2000-7f3017aee000 r-xp 00003000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1 +7f3017aee000-7f3017af2000 r--p 0000f000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1 +7f3017af2000-7f3017af3000 ---p 00013000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1 +7f3017af3000-7f3017af4000 r--p 00013000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1 +7f3017af4000-7f3017af5000 rw-p 00014000 00:19 2550729 /usr/lib/libtasn1.so.6.6.1 +7f3017af5000-7f3017b06000 r--p 00000000 00:19 937656 /usr/lib/libunistring.so.2.1.0 +7f3017b06000-7f3017b3b000 r-xp 00011000 00:19 937656 /usr/lib/libunistring.so.2.1.0 +7f3017b3b000-7f3017c72000 r--p 00046000 00:19 937656 /usr/lib/libunistring.so.2.1.0 +7f3017c72000-7f3017c76000 r--p 0017c000 00:19 937656 /usr/lib/libunistring.so.2.1.0 +7f3017c76000-7f3017c77000 rw-p 00180000 00:19 937656 /usr/lib/libunistring.so.2.1.0 +7f3017c77000-7f3017c79000 r--p 00000000 00:19 3212638 /usr/lib/libidn2.so.0.3.7 +7f3017c79000-7f3017c7d000 r-xp 00002000 00:19 3212638 /usr/lib/libidn2.so.0.3.7 +7f3017c7d000-7f3017c97000 r--p 00006000 00:19 3212638 /usr/lib/libidn2.so.0.3.7 +7f3017c97000-7f3017c98000 r--p 0001f000 00:19 3212638 /usr/lib/libidn2.so.0.3.7 +7f3017c98000-7f3017c99000 rw-p 00020000 00:19 3212638 /usr/lib/libidn2.so.0.3.7 +7f3017c99000-7f3017cc2000 r--p 00000000 00:19 3663986 /usr/lib/libp11-kit.so.0.3.0 +7f3017cc2000-7f3017d60000 r-xp 00029000 00:19 3663986 /usr/lib/libp11-kit.so.0.3.0 +7f3017d60000-7f3017dba000 r--p 000c7000 00:19 3663986 /usr/lib/libp11-kit.so.0.3.0 +7f3017dba000-7f3017dc4000 r--p 00120000 00:19 3663986 /usr/lib/libp11-kit.so.0.3.0 +7f3017dc4000-7f3017dce000 rw-p 0012a000 00:19 3663986 /usr/lib/libp11-kit.so.0.3.0 +7f3017dce000-7f3017dd0000 r--p 00000000 00:19 2549813 /usr/lib/libdl-2.33.so +7f3017dd0000-7f3017dd2000 r-xp 00002000 00:19 2549813 /usr/lib/libdl-2.33.so +7f3017dd2000-7f3017dd3000 r--p 00004000 00:19 2549813 /usr/lib/libdl-2.33.so +7f3017dd3000-7f3017dd4000 r--p 00004000 00:19 2549813 /usr/lib/libdl-2.33.so +7f3017dd4000-7f3017dd5000 rw-p 00005000 00:19 2549813 /usr/lib/libdl-2.33.so +7f3017dd5000-7f3017dd7000 rw-p 00000000 00:00 0 +7f3017dd7000-7f3017dd9000 r--p 00000000 00:19 3020974 /usr/lib/libpcre.so.1.2.13 +7f3017dd9000-7f3017e2f000 r-xp 00002000 00:19 3020974 /usr/lib/libpcre.so.1.2.13 +7f3017e2f000-7f3017e4c000 r--p 00058000 00:19 3020974 /usr/lib/libpcre.so.1.2.13 +7f3017e4c000-7f3017e4d000 r--p 00074000 00:19 3020974 /usr/lib/libpcre.so.1.2.13 +7f3017e4d000-7f3017e4e000 rw-p 00075000 00:19 3020974 /usr/lib/libpcre.so.1.2.13 +7f3017e4e000-7f3017e74000 r--p 00000000 00:19 2549806 /usr/lib/libc-2.33.so +7f3017e74000-7f3017fbf000 r-xp 00026000 00:19 2549806 /usr/lib/libc-2.33.so +7f3017fbf000-7f301800b000 r--p 00171000 00:19 2549806 /usr/lib/libc-2.33.so +7f301800b000-7f301800e000 r--p 001bc000 00:19 2549806 /usr/lib/libc-2.33.so +7f301800e000-7f3018011000 rw-p 001bf000 00:19 2549806 /usr/lib/libc-2.33.so +7f3018011000-7f301801a000 rw-p 00000000 00:00 0 +7f301801a000-7f3018021000 r--p 00000000 00:19 2549847 /usr/lib/libpthread-2.33.so +7f3018021000-7f3018030000 r-xp 00007000 00:19 2549847 /usr/lib/libpthread-2.33.so +7f3018030000-7f3018034000 r--p 00016000 00:19 2549847 /usr/lib/libpthread-2.33.so +7f3018034000-7f3018035000 ---p 0001a000 00:19 2549847 /usr/lib/libpthread-2.33.so +7f3018035000-7f3018036000 r--p 0001a000 00:19 2549847 /usr/lib/libpthread-2.33.so +7f3018036000-7f3018037000 rw-p 0001b000 00:19 2549847 /usr/lib/libpthread-2.33.so +7f3018037000-7f301803b000 rw-p 00000000 00:00 0 +7f301803b000-7f301803e000 r--p 00000000 00:19 2550528 /usr/lib/libgcc_s.so.1 +7f301803e000-7f3018050000 r-xp 00003000 00:19 2550528 /usr/lib/libgcc_s.so.1 +7f3018050000-7f3018053000 r--p 00015000 00:19 2550528 /usr/lib/libgcc_s.so.1 +7f3018053000-7f3018054000 ---p 00018000 00:19 2550528 /usr/lib/libgcc_s.so.1 +7f3018054000-7f3018055000 r--p 00018000 00:19 2550528 /usr/lib/libgcc_s.so.1 +7f3018055000-7f3018056000 rw-p 00019000 00:19 2550528 /usr/lib/libgcc_s.so.1 +7f3018056000-7f3018065000 r--p 00000000 00:19 2549819 /usr/lib/libm-2.33.so +7f3018065000-7f30180ff000 r-xp 0000f000 00:19 2549819 /usr/lib/libm-2.33.so +7f30180ff000-7f3018197000 r--p 000a9000 00:19 2549819 /usr/lib/libm-2.33.so +7f3018197000-7f3018198000 ---p 00141000 00:19 2549819 /usr/lib/libm-2.33.so +7f3018198000-7f3018199000 r--p 00141000 00:19 2549819 /usr/lib/libm-2.33.so +7f3018199000-7f301819a000 rw-p 00142000 00:19 2549819 /usr/lib/libm-2.33.so +7f301819a000-7f3018233000 r--p 00000000 00:19 2550558 /usr/lib/libstdc++.so.6.0.29 +7f3018233000-7f3018333000 r-xp 00099000 00:19 2550558 /usr/lib/libstdc++.so.6.0.29 +7f3018333000-7f301839f000 r--p 00199000 00:19 2550558 /usr/lib/libstdc++.so.6.0.29 +7f301839f000-7f30183ac000 r--p 00204000 00:19 2550558 /usr/lib/libstdc++.so.6.0.29 +7f30183ac000-7f30183ad000 rw-p 00211000 00:19 2550558 /usr/lib/libstdc++.so.6.0.29 +7f30183ad000-7f30183b2000 rw-p 00000000 00:00 0 +7f30183b2000-7f30183e6000 r--p 00000000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0 +7f30183e6000-7f3018508000 r-xp 00034000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0 +7f3018508000-7f301859d000 r--p 00156000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0 +7f301859d000-7f301859e000 ---p 001eb000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0 +7f301859e000-7f30185af000 r--p 001eb000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0 +7f30185af000-7f30185b1000 rw-p 001fc000 00:19 2907924 /usr/lib/libgnutls.so.30.30.0 +7f30185b1000-7f30185b3000 rw-p 00000000 00:00 0 +7f30185b3000-7f30185b5000 r--p 00000000 00:19 3662215 /usr/lib/libgmodule-2.0.so.0.7000.0 +7f30185b5000-7f30185b7000 r-xp 00002000 00:19 3662215 /usr/lib/libgmodule-2.0.so.0.7000.0 +7f30185b7000-7f30185b8000 r--p 00004000 00:19 3662215 /usr/lib/libgmodule-2.0.so.0.7000.0 +7f30185b8000-7f30185b9000 r--p 00004000 00:19 3662215 /usr/lib/libgmodule-2.0.so.0.7000.0 +7f30185b9000-7f30185ba000 rw-p 00005000 00:19 3662215 /usr/lib/libgmodule-2.0.so.0.7000.0 +7f30185ba000-7f30185d7000 r--p 00000000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0 +7f30185d7000-7f3018664000 r-xp 0001d000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0 +7f3018664000-7f30186ec000 r--p 000aa000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0 +7f30186ec000-7f30186ed000 ---p 00132000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0 +7f30186ed000-7f30186ee000 r--p 00132000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0 +7f30186ee000-7f30186ef000 rw-p 00133000 00:19 3662212 /usr/lib/libglib-2.0.so.0.7000.0 +7f30186ef000-7f30186f0000 rw-p 00000000 00:00 0 +7f30186f0000-7f30186f2000 r--p 00000000 00:19 3440204 /usr/lib/liburing.so.2.1.0 +7f30186f2000-7f30186f4000 r-xp 00002000 00:19 3440204 /usr/lib/liburing.so.2.1.0 +7f30186f4000-7f30186f5000 r--p 00004000 00:19 3440204 /usr/lib/liburing.so.2.1.0 +7f30186f5000-7f30186f6000 r--p 00004000 00:19 3440204 /usr/lib/liburing.so.2.1.0 +7f30186f6000-7f30186f7000 rw-p 00005000 00:19 3440204 /usr/lib/liburing.so.2.1.0 +7f30186f7000-7f30186fa000 r--p 00000000 00:19 2549855 /usr/lib/librt-2.33.so +7f30186fa000-7f30186fe000 r-xp 00003000 00:19 2549855 /usr/lib/librt-2.33.so +7f30186fe000-7f3018700000 r--p 00007000 00:19 2549855 /usr/lib/librt-2.33.so +7f3018700000-7f3018701000 r--p 00008000 00:19 2549855 /usr/lib/librt-2.33.so +7f3018701000-7f3018702000 rw-p 00009000 00:19 2549855 /usr/lib/librt-2.33.so +7f3018702000-7f3018705000 r--p 00000000 00:19 15838 /usr/lib/libz.so.1.2.11 +7f3018705000-7f3018713000 r-xp 00003000 00:19 15838 /usr/lib/libz.so.1.2.11 +7f3018713000-7f3018719000 r--p 00011000 00:19 15838 /usr/lib/libz.so.1.2.11 +7f3018719000-7f301871a000 ---p 00017000 00:19 15838 /usr/lib/libz.so.1.2.11 +7f301871a000-7f301871b000 r--p 00017000 00:19 15838 /usr/lib/libz.so.1.2.11 +7f301871b000-7f301871c000 rw-p 00018000 00:19 15838 /usr/lib/libz.so.1.2.11 +7f301871c000-7f301871e000 rw-p 00000000 00:00 0 +7f301871e000-7f301871f000 r--p 00000000 00:19 2549795 /usr/lib/ld-2.33.so +7f301871f000-7f3018743000 r-xp 00001000 00:19 2549795 /usr/lib/ld-2.33.so +7f3018743000-7f301874c000 r--p 00025000 00:19 2549795 /usr/lib/ld-2.33.so +7f301874c000-7f301874e000 r--p 0002d000 00:19 2549795 /usr/lib/ld-2.33.so +7f301874e000-7f3018750000 rw-p 0002f000 00:19 2549795 /usr/lib/ld-2.33.so +7ffc5c8f6000-7ffc5c917000 rw-p 00000000 00:00 0 [stack] +7ffc5c935000-7ffc5c939000 r--p 00000000 00:00 0 [vvar] +7ffc5c939000-7ffc5c93b000 r-xp 00000000 00:00 0 [vdso] +ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall] + +Reading 15 bytes from 0x6377c (407420) to 0x40800638 of PID 278331 +buffer doesn't match +``` + +The program is trying to read from 0x6377c, which according to the emulated maps is in this mapping: + +``` +10000-7c000 r-xp 00000000 00:19 8275924 /home/osandov/repro +``` + +but on the host, it's mapped differently: + +``` +00020000-0008c000 r--p 00000000 00:19 8275924 /home/osandov/repro +``` + +When using `qemu-arm-static` (version `6.1.0 (Debian 1:6.1+dfsg-6)`) via `binfmt_misc`, I also saw a case where the address isn't mapped in the host at all: + +``` +Maps read by self: +10000-7c000 r-xp 00000000 00:19 8275924 /home/osandov/repro +7c000-8b000 ---p 00000000 00:00 0 +8b000-8c000 r--p 0006b000 00:19 8275924 /home/osandov/repro +8c000-8d000 rw-p 0006c000 00:19 8275924 /home/osandov/repro +8d000-b0000 rw-p 00000000 00:00 0 +40000000-40001000 ---p 00000000 00:00 0 +40001000-40801000 rw-p 00000000 00:00 0 [stack] + +Maps read by child process: +00400000-00401000 r--p 00000000 00:19 297 /usr/bin/qemu-arm-static +00401000-00769000 r-xp 00001000 00:19 297 /usr/bin/qemu-arm-static +00769000-00abe000 r--p 00369000 00:19 297 /usr/bin/qemu-arm-static +00abe000-00c58000 r--p 006bd000 00:19 297 /usr/bin/qemu-arm-static +00c58000-00cd3000 rw-p 00857000 00:19 297 /usr/bin/qemu-arm-static +00cd3000-00cf7000 rw-p 00000000 00:00 0 +0253c000-0268e000 rw-p 00000000 00:00 0 [heap] +42645000-42655000 ---p 00000000 00:00 0 +42655000-426c1000 r--p 00000000 00:19 8275924 /home/osandov/repro +426c1000-426d0000 ---p 00000000 00:00 0 +426d0000-426d1000 r--p 0006b000 00:19 8275924 /home/osandov/repro +426d1000-426d2000 rw-p 0006c000 00:19 8275924 /home/osandov/repro +426d2000-426f5000 rw-p 00000000 00:00 0 +426f5000-82645000 ---p 00000000 00:00 0 +82645000-82646000 ---p 00000000 00:00 0 +82646000-82e46000 rw-p 00000000 00:00 0 +82e46000-142635000 ---p 00000000 00:00 0 +142635000-142636000 r--p 00000000 00:00 0 +7f5584000000-7f558bfff000 rwxp 00000000 00:00 0 +7f558bfff000-7f558c000000 ---p 00000000 00:00 0 +7f558c000000-7f558c021000 rw-p 00000000 00:00 0 +7f558c021000-7f5590000000 ---p 00000000 00:00 0 +7f55929b5000-7f5592a36000 rw-p 00000000 00:00 0 +7f5592a36000-7f5592a37000 ---p 00000000 00:00 0 +7f5592a37000-7f5593237000 rw-p 00000000 00:00 0 +7ffc4971a000-7ffc4973b000 rw-p 00000000 00:00 0 [stack] +7ffc497fa000-7ffc497fe000 r--p 00000000 00:00 0 [vvar] +7ffc497fe000-7ffc49800000 r-xp 00000000 00:00 0 [vdso] +ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall] + +Reading 15 bytes from 0x6377c (407420) to 0x40800648 of PID 278443 +pread: /proc/self/mem: Input/output error +``` +Steps to reproduce: +1. Download statically-linked ARM [reproducer](/uploads/5563ad67d01f0ec4a10f27d1967216c4/repro). +2. Run `qemu-arm ./repro`. +Additional information: +I encountered this when trying out a CI system that uses QEMU user-mode emulation for 32-bit ARM builds. My project is a debugger that uses `/proc/self/mem`, and a test case tripped over this. See https://github.com/osandov/drgn/pull/126. + +This also seems to happen with a i386 guest, but not with an aarch64 guest, so I'm assuming that it's a 32-bit guest issue. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/704 b/results/classifier/deepseek-r1:32b/output/runtime/704 new file mode 100644 index 000000000..25f043317 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/704 @@ -0,0 +1,4 @@ + + + +linux-user: misaligned address for type 'struct linux_dirent64' diff --git a/results/classifier/deepseek-r1:32b/output/runtime/714 b/results/classifier/deepseek-r1:32b/output/runtime/714 new file mode 100644 index 000000000..acca70ae6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/714 @@ -0,0 +1,46 @@ + + + +Command line arguments are not passed correctly with user-space semihosting +Description of problem: +The emulated process always receives a value of 1 for `argc`, with `argv[0]` returning seemingly random characters (in Ubuntu packaged qemu 5.2), but correlating with command-line input (output below from master built qemu 6.1): +``` +$ qemu-arm -cpu cortex-m7 ./a.out 123 test +argc: 1 +argv: + - @@@ + +$ qemu-arm -cpu cortex-m7 ./a.out +argc: 1 +argv: + [0] @ +``` +Steps to reproduce: +1. Compile the following program with [ARM embedded toolchain](https://developer.arm.com/tools-and-software/open-source-software/developer-tools/gnu-toolchain/gnu-rm/downloads): +```cpp +#include <iostream> + +int main(int argc, char* argv[]) { + std::cout << "argc: " << argc << "\n"; + std::cout << "argv: \n"; + + for (int i = 0; i < argc; i++) + std::cout << " [" << i << "] " << argv[i] << "\n"; + return 0; +} +``` + +``` +$ $CXX --version +arm-none-eabi-g++ (GNU Arm Embedded Toolchain 10-2020-q4-major) 10.2.1 20201103 (release) +Copyright (C) 2020 Free Software Foundation, Inc. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +$ $CXX main.cpp --specs=rdimon.specs -mcpu=cortex-m7 +``` + +2. Run in user-space (semihosted): +``` +$ qemu-arm -cpu cortex-m7 ./a.out +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/739785 b/results/classifier/deepseek-r1:32b/output/runtime/739785 new file mode 100644 index 000000000..f02406e4b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/739785 @@ -0,0 +1,37 @@ + + + +qemu-i386 user mode can't fork (bash: fork: Invalid argument) + +Good time of day everybody, + +I have been trying to make usermode qemu on ARM with plugapps (archlinux) with archlinux i386 chroot to work. + +1. I installed arch linux in a virtuabox and created a chroot for it with mkarchroot. Transferred it to my pogo plug into /i386/ +2. I comiled qemu-i386 static and put it into /i386/usr/bin/ +./configure --static --disable-blobs --disable-system --target-list=i386-linux-user +make + +3. I also compiled linux kernel 2.6.38 with CONFIG_BINFMT_MISC=y and installed it. +uname -a +Linux Plugbox 2.6.38 #4 PREEMPT Fri Mar 18 22:19:10 CDT 2011 armv5tel Feroceon 88FR131 rev 1 (v5l) Marvell SheevaPlug Reference Board GNU/Linux + +4. Added the following options into /etc/rc.local +/sbin/modprobe binfmt_misc +/bin/mount binfmt_misc -t binfmt_misc /proc/sys/fs/binfmt_misc +echo ':qemu-i386:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x03\x00:\xff\xff\xff\xff\xff\xfe\xfe\xff\xff\xff\xff\xff\xff\xff\xff\xff\xfb\xff\xff\xff:/usr/bin/qemu-i386:' >/proc/sys/fs/binfmt_misc/register + +5. Also copied ld-linux.so.3 (actually ld-2.13.so because ld-linux.so.3 is a link to that file) from /lib/ to /i386/lib/ + +6.Now i chroot into /i386 and I get this: +[root@Plugbox i386]# chroot . +[II aI hnve ao n@P /]# pacman -Suy +bash: fork: Invalid argument + +7.I also downloaded linux-user-test-0.3 from qemu website and ran the test: +[root@Plugbox linux-user-test-0.3]# make +./qemu-linux-user.sh +[qemu-i386] +../qemu-0.14.0/i386-linux-user/qemu-i386 -L ./gnemul/qemu-i386 i386/ls -l dummyfile +BUG IN DYNAMIC LINKER ld.so: dl-version.c: 210: _dl_check_map_versions: Assertion `needed != ((void *)0)' failed! +make: *** [test] Error 127 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/754635 b/results/classifier/deepseek-r1:32b/output/runtime/754635 new file mode 100644 index 000000000..84577858b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/754635 @@ -0,0 +1,58 @@ + + + +-d option outs wrong info about sections + +For example, after run ./qemu-i386 -d in_asm /bin/ls from 0.14.0 release, I received this qemu.log file: +$ cat /tmp/qemu.log | grep -A7 guest +Relocating guest address space from 0x08048000 to 0x8048000 +guest_base 0x0 +start end size prot +00048000-0005f000 00017000 r-x +0005f000-00069000 0000a000 rw- +00040000-00041000 00001000 --- +00041000-00041800 00000800 rw- +00041800-0005d800 0001c000 r-x +0005d800-0005f800 00002000 rw- + +But such command in 0.12.5 release outs this: +$ cat /tmp/qemu.log | grep -A7 guest +guest_base 0x0 +start end size prot +00f38000-00f39000 00001000 --- +08048000-0805f000 00017000 r-x +0805f000-08061000 00002000 rw- +40000000-40080000 00080000 rw- +40080000-40081000 00001000 --- +40081000-4009d000 0001c000 r-x + +It looks correct. +I received such differences and with qemu-microblaze. + +After comparing 0.12.5 and 0.14.0 releases I found this differences in exec.c: +in 0.12.5: +end = (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS); + +in 0.14.0: +int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT, + +V_L1_SHIFT in my case is 10, but 32 - L1_BITS is 22 + +I make this changes: +$ diff -up qemu-0.14.0/exec.c exec.c +--- qemu-0.14.0/exec.c 2011-04-08 17:26:00.524464002 +0400 ++++ exec.c 2011-04-08 17:26:09.800464003 +0400 +@@ -2340,7 +2340,7 @@ int walk_memory_regions(void *priv, walk + data.prot = 0; + + for (i = 0; i < V_L1_SIZE; i++) { +- int rc = walk_memory_regions_1(&data, (abi_ulong)i << V_L1_SHIFT, ++ int rc = walk_memory_regions_1(&data, (abi_ulong)i << (V_L1_SHIFT + TARGET_PAGE_BITS), + V_L1_SHIFT / L2_BITS - 1, l1_map + i); + if (rc != 0) { + return rc; + +After this outputs looks correct. + +I don't know code base good, and think what may to do more general corrections. +Host system: linux i386 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/796480 b/results/classifier/deepseek-r1:32b/output/runtime/796480 new file mode 100644 index 000000000..3fe14f69e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/796480 @@ -0,0 +1,48 @@ + + + +Addresses with 4GB differences are consider as one single address in QEMU + +THIS IS THE ISSUE OF USER MODE EMULATION +Information about guest and host +********************************** +guest: 64 bit x86 user mode binary +host: 32 bit Linux OS +uname -a :Linux KICS-HPCNL-32blue 2.6.33.3-85.fc13.i686.PAE #1 SMP +architecture: intel64 +Bug Description +**************** +for memory reference instructions, suppose I have two addresses in guest address space(64 bit) +0x220000000 +0x320000000 +as lower 32 bit part of both addresses are same, when particular instructions are translated into host code(32 bit) +in both above cases the value is loaded from same memory and we get same value. where actual behaviour was to get two different values. +here is the program which i used to test: +#include <stdio.h> +#include <stdlib.h> +#include <limits.h> +#define SIZE 4294967298 /* 4Gib*/ + +int main() { + char *array; + unsigned int i; + + array = malloc(sizeof(char) * SIZE); + if(array == NULL) { + fprintf(stderr, "Could not allocate that much memory"); + return 1; } + array[0] = 'a'; + array[SIZE-2] = 'z'; + printf("array[SIZE-2] = %c array[0] = %c\n",array[SIZE-2], array[0]); + return 0; +} +I have 8 gib RAM +I compiled this program on 64 bit linux and run this on 32 bit linux with qemu +QEMU command line and output +********************************** +$x86_64-linux-user/qemu-x86_64 ~/ar_x86 +output: array[SIZE-1] = z,array[0] = z +Release information +******************** +x86_64 binary is tested with latest release : qemu-0.14.1 +and with current development tree as well( live code of QEMU using git) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/805 b/results/classifier/deepseek-r1:32b/output/runtime/805 new file mode 100644 index 000000000..1d393a30d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/805 @@ -0,0 +1,17 @@ + + + +qemu-hexagon: [binary]: Error mapping file: Invalid argument +Description of problem: +Running a (32bit) hexagon binary on a 64bit/32bit system gives the following error: +`qemu-hexagon: hexagon-hello-world: Error mapping file: Invalid argument` +Steps to reproduce: +``` +./qemu-hexagon <hexagon-binary> +qemu-hexagon: hexagon-hello-world: Error mapping file: Invalid argument +``` +Additional information: +A similar problem has been reported on the mailing list: +https://www.mail-archive.com/qemu-devel@nongnu.org/msg836466.html + +Unfortunately without a solution. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/834 b/results/classifier/deepseek-r1:32b/output/runtime/834 new file mode 100644 index 000000000..99ad9901b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/834 @@ -0,0 +1,62 @@ + + + +linux-user: fails to deliver signals raised during pselect +Description of problem: +When run via qemu a program which blocks signals but unmasks them during `pselect` does not catch these signals when returning from `pselect`. + +Used as reference on expected behavior: [The new pselect() system call](https://lwn.net/Articles/176911/) +Steps to reproduce: +A minimal test case below mimics behavior as encountered in the test suite of `p11-kit` ([link](https://github.com/p11-glue/p11-kit)) (which attempts to catch `SIGTERM` in a similar way and results in lingering processes after running the test suite). + +```C +#include <stdio.h> +#include <unistd.h> +#include <signal.h> +#include <sys/select.h> + +static void handler(int sig) +{ + puts("SIGNAL"); +} + +int main(int argc, char *argv[]) +{ + struct sigaction sa; + + fd_set rfds; + sigset_t emptyset, blockset; + + sigemptyset (&blockset); + sigemptyset (&emptyset); + sigaddset (&blockset, SIGUSR1); + + sa.sa_handler = handler; + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + sigaction(SIGUSR1, &sa, NULL); + + sigprocmask (SIG_BLOCK, &blockset, NULL); + + FD_ZERO(&rfds); + + while(1) { + pselect(0, &rfds, NULL, NULL, NULL, &emptyset); + } + + return 0; +} +``` + +Running this without qemu should print _SIGNAL_ when sent `SIGUSR1`: + +``` +$ ./a.out & +[1] 1683587 +$ kill -USR1 %1 +$ SIGNAL +``` + +When run with `qemu-x86_64` however, it does not (also qemu's `-strace` confirms the signal isn't received whereas a strace of qemu shows it's in fact delivered). + +The pselect call itself _is_ interrupted, but the signal goes missing. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/856 b/results/classifier/deepseek-r1:32b/output/runtime/856 new file mode 100644 index 000000000..1805ec8de --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/856 @@ -0,0 +1,64 @@ + + + +Occasional deadlock in linux-user (sh4) when running threadcount test +Description of problem: + +Steps to reproduce: +1. docker run --rm -it -u (id -u) -v $HOME:$HOME -w (pwd) qemu/debian-all-test-cross /bin/bash +2. '../../configure' '--cc=clang' '--cxx=clang++' '--disable-system' '--target-list-exclude=microblazeel-linux-user,aarch64_be-linux-user,i386-linux-user,m68k-linux-user,mipsn32el-linux-user,xtensaeb-linux-user' '--extra-cflags=-fsanitize=undefined' '--extra-cflags=-fno-sanitize-recover=undefined' +3. make; make build-tcg +4. retry.py -n 400 -c -- timeout --foreground 90 ./qemu-sh4 -plugin ./tests/plugin/libinsn.so -d plugin ./tests/tcg/sh4-linux-user/threadcount + +Failure rate on hackbox: + +``` +Results summary: +0: 397 times (99.25%), avg time 0.686 (0.00 varience/0.01 deviation) +124: 3 times (0.75%), avg time 90.559 (0.00 varience/0.01 deviation) +``` + +It seems to fail more frequently on Gitlabs CI +Additional information: +Without the timeout you end up with a deadlock. The following backtrace was found, stepping in gdb unwedges the hang: + +``` +(gdb) info threads + Id Target Id Frame +* 1 LWP 15894 "qemu-sh4" safe_syscall_base () at ../../common-user/host/x86_64/safe-syscall.inc.S:75 + 2 LWP 15994 "qemu-sh4" 0x00007f956b800f59 in syscall () from target:/lib/x86_64-linux-gnu/libc.so.6 + 3 LWP 15997 "qemu-sh4" safe_syscall_base () at ../../common-user/host/x86_64/safe-syscall.inc.S:75 +(gdb) bt +#0 safe_syscall_base () at ../../common-user/host/x86_64/safe-syscall.inc.S:75 +#1 0x0000560ee17196e4 in safe_futex (uaddr=0x58e8, op=-513652411, val=<optimized out>, timeout=0xf0, uaddr2=<optimized out>, val3=582) at ../../linux-user/syscall.c:681 +#2 do_safe_futex (uaddr=0x58e8, op=-513652411, val=<optimized out>, timeout=0xf0, uaddr2=<optimized out>, val3=582) at ../../linux-user/syscall.c:7757 +#3 0x0000560ee170c8d9 in do_syscall1 (cpu_env=<optimized out>, num=<optimized out>, arg1=<optimized out>, arg2=<optimized out>, arg3=22760, arg4=<optimized out>, arg5=<optimized out>, arg6=240, arg7=0, arg8=0) at /home/alex.bennee/lsrc/qemu.git/include/exec/cpu_ldst.h:90 +#4 0x0000560ee170220c in do_syscall (cpu_env=<optimized out>, num=<optimized out>, arg1=<optimized out>, arg2=<optimized out>, arg3=<optimized out>, arg4=<optimized out>, arg5=<optimized out>, arg6=<optimized out>, arg7=<optimized out>, arg8=<optimized out>) at ../../linux-user/syscall.c:13239 +#5 0x0000560ee1626111 in cpu_loop (env=0x560ee294b028) at ../../linux-user/sh4/cpu_loop.c:43 +#6 0x0000560ee16ee37d in main (argc=-493657104, argv=0x7ffdcaf52028, envp=<optimized out>) at ../../linux-user/main.c:883 +(gdb) thread 2 +[Switching to thread 2 (LWP 15994)] +#0 0x00007f956b800f59 in syscall () from target:/lib/x86_64-linux-gnu/libc.so.6 +(gdb) bt +#0 0x00007f956b800f59 in syscall () from target:/lib/x86_64-linux-gnu/libc.so.6 +#1 0x0000560ee1847bd6 in qemu_futex_wait (f=<optimized out>, val=<optimized out>) at /home/alex.bennee/lsrc/qemu.git/include/qemu/futex.h:29 +#2 qemu_event_wait (ev=0x560ee2738974 <rcu_call_ready_event>) at ../../util/qemu-thread-posix.c:481 +#3 0x0000560ee18539a2 in call_rcu_thread (opaque=<optimized out>) at ../../util/rcu.c:261 +#4 0x0000560ee1847f17 in qemu_thread_start (args=0x560ee2933eb0) at ../../util/qemu-thread-posix.c:556 +#5 0x00007f956b8f6fa3 in start_thread () from target:/lib/x86_64-linux-gnu/libpthread.so.0 +#6 0x00007f956b8064cf in clone () from target:/lib/x86_64-linux-gnu/libc.so.6 +(gdb) thread 3 +[Switching to thread 3 (LWP 15997)] +#0 safe_syscall_base () at ../../common-user/host/x86_64/safe-syscall.inc.S:75 +75 cmp $-4095, %rax +(gdb) bt +#0 safe_syscall_base () at ../../common-user/host/x86_64/safe-syscall.inc.S:75 +#1 0x0000560ee17196e4 in safe_futex (uaddr=0x2, op=-513652411, val=<optimized out>, timeout=0x3f7fcdc4, uaddr2=<optimized out>, val3=582) at ../../linux-user/syscall.c:681 +#2 do_safe_futex (uaddr=0x2, op=-513652411, val=<optimized out>, timeout=0x3f7fcdc4, uaddr2=<optimized out>, val3=582) at ../../linux-user/syscall.c:7757 +#3 0x0000560ee170c8d9 in do_syscall1 (cpu_env=<optimized out>, num=<optimized out>, arg1=<optimized out>, arg2=<optimized out>, arg3=2, arg4=<optimized out>, arg5=<optimized out>, arg6=1065340356, arg7=0, arg8=0) at /home/alex.bennee/lsrc/qemu.git/include/exec/cpu_ldst.h:90 +#4 0x0000560ee170220c in do_syscall (cpu_env=<optimized out>, num=<optimized out>, arg1=<optimized out>, arg2=<optimized out>, arg3=<optimized out>, arg4=<optimized out>, arg5=<optimized out>, arg6=<optimized out>, arg7=<optimized out>, arg8=<optimized out>) at ../../linux-user/syscall.c:13239 +#5 0x0000560ee1626111 in cpu_loop (env=0x560ee2a2c2d8) at ../../linux-user/sh4/cpu_loop.c:43 +#6 0x0000560ee171728f in clone_func (arg=<optimized out>) at ../../linux-user/syscall.c:6608 +#7 0x00007f956b8f6fa3 in start_thread () from target:/lib/x86_64-linux-gnu/libpthread.so.0 +#8 0x00007f956b8064cf in clone () from target:/lib/x86_64-linux-gnu/libc.so.6 +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/866 b/results/classifier/deepseek-r1:32b/output/runtime/866 new file mode 100644 index 000000000..344afc81d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/866 @@ -0,0 +1,56 @@ + + + +linux-user: substantial memory leak when threads are created and destroyed +Description of problem: +Substantial memory leak when the following simple program is executed on `qemu-arm`, +```c +// compile with `arm-none-linux-gnueabihf-gcc test_qemu.c -o test_qemu.out -pthread` + +#include <assert.h> +#include <pthread.h> + +#define MAGIC_RETURN ((void *)42) + +void *thread_main(void *arg) +{ + return MAGIC_RETURN; +} + +int main(int argc, char *argv[]) +{ + size_t i; + for (i = 0;; i++) + { + pthread_t thread; + assert(pthread_create(&thread, NULL, thread_main, NULL) == 0); + void *ret; + assert(pthread_join(thread, &ret) == 0); + assert(ret == MAGIC_RETURN); + } + + return 0; +} +``` +Steps to reproduce: +1. +``` +export TOOLCHAIN_PREFIX=arm-none-linux-gnueabihf +export ARMSDK=/${TOOLCHAIN_PREFIX} +export SYSROOT=${ARMSDK}/${TOOLCHAIN_PREFIX}/libc +export CC=${ARMSDK}/bin/${TOOLCHAIN_PREFIX}-gcc +``` +2. Download the arm toolchain: `curl --output ${TOOLCHAIN_PREFIX}.tar.xz -L 'https://developer.arm.com/-/media/Files/downloads/gnu-a/10.2-2020.11/binrel/gcc-arm-10.2-2020.11-x86_64-arm-none-linux-gnueabihf.tar.xz?revision=d0b90559-3960-4e4b-9297-7ddbc3e52783&la=en&hash=985078B758BC782BC338DB947347107FBCF8EF6B'` +3. `mkdir -p ${ARMSDK} && tar xf ${TOOLCHAIN_PREFIX}.tar.xz -C ${ARMSDK} --strip-components=1` +4. `$CC test_qemu.c -o test_qemu.out -pthread` +5. `qemu-arm -L $SYSROOT ./test_qemu.out` +6. Observe memory usage keeps ramping up and crashes the process once out of memory. +Additional information: +Valgrind annotation logs [annot.log](/uploads/f8d05d8f216d5a589e8da0758a345de6/annot.log) generated by a local build on master@0a301624c2f4ced3331ffd5bce85b4274fe132af from +```bash +valgrind --xtree-memory=full --xtree-memory-file=xtmemory.kcg bin/debug/native/qemu-arm -L $SYSROOT /mnt/f/test_qemu3.out +# Send CTRL-C before the process crashes due to oom +callgrind_annotate --auto=yes --inclusive=yes --sort=curB:100,curBk:100,totB:100,totBk:100,totFdB:100,totFdBk:100 xtmemory.kcg > annot.log +``` + +# diff --git a/results/classifier/deepseek-r1:32b/output/runtime/886621 b/results/classifier/deepseek-r1:32b/output/runtime/886621 new file mode 100644 index 000000000..95c15b1e1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/886621 @@ -0,0 +1,295 @@ + + + +Mac OS X Lion: segmentation fault + + +Process: qemu [5680] +Path: /usr/local/xeos-build/qemu/bin/qemu +Identifier: qemu +Version: ??? (???) +Code Type: X86-64 (Native) +Parent Process: make [5677] + +Date/Time: 2011-11-05 18:53:25.574 +0100 +OS Version: Mac OS X 10.7.2 (11C74) +Report Version: 9 +Sleep/Wake UUID: 3C81B8F7-0321-4621-923C-AB655F2CC701 + +Interval Since Last Report: 503994 sec +Crashes Since Last Report: 35 +Per-App Crashes Since Last Report: 9 +Anonymous UUID: 28E7367A-4697-43A4-8D12-005F1917DFD3 + +Crashed Thread: 0 Dispatch queue: com.apple.main-thread + +Exception Type: EXC_BAD_ACCESS (SIGSEGV) +Exception Codes: KERN_INVALID_ADDRESS at 0x000000000000003a + +VM Regions Near 0x3a: +--> + __TEXT 0000000107c75000-0000000107ebc000 [ 2332K] r-x/rwx SM=COW /usr/local/xeos-build/qemu/bin/qemu + +Application Specific Information: +objc[5680]: garbage collection is OFF + +Thread 0 Crashed:: Dispatch queue: com.apple.main-thread +0 qemu 0x0000000107d9d0ed 0x107c75000 + 1212653 +1 qemu 0x0000000107dabc39 0x107c75000 + 1272889 +2 ??? 0x000000010c3b007c 0 + 4500160636 + +Thread 1:: Dispatch queue: com.apple.libdispatch-manager +0 libsystem_kernel.dylib 0x00007fff85abb7e6 kevent + 10 +1 libdispatch.dylib 0x00007fff8e7b15be _dispatch_mgr_invoke + 923 +2 libdispatch.dylib 0x00007fff8e7b014e _dispatch_mgr_thread + 54 + +Thread 2: +0 libsystem_kernel.dylib 0x00007fff85abb192 __workq_kernreturn + 10 +1 libsystem_c.dylib 0x00007fff85886594 _pthread_wqthread + 758 +2 libsystem_c.dylib 0x00007fff85887b85 start_wqthread + 13 + +Thread 3: +0 libsystem_kernel.dylib 0x00007fff85abb192 __workq_kernreturn + 10 +1 libsystem_c.dylib 0x00007fff85886594 _pthread_wqthread + 758 +2 libsystem_c.dylib 0x00007fff85887b85 start_wqthread + 13 + +Thread 4: +0 libsystem_kernel.dylib 0x00007fff85abb192 __workq_kernreturn + 10 +1 libsystem_c.dylib 0x00007fff85886594 _pthread_wqthread + 758 +2 libsystem_c.dylib 0x00007fff85887b85 start_wqthread + 13 + +Thread 5: +0 libsystem_kernel.dylib 0x00007fff85abb036 __sigwait + 10 +1 libsystem_c.dylib 0x00007fff8583aaab sigwait + 68 +2 qemu 0x0000000107d221ef 0x107c75000 + 709103 +3 libsystem_c.dylib 0x00007fff858848bf _pthread_start + 335 +4 libsystem_c.dylib 0x00007fff85887b75 thread_start + 13 + +Thread 0 crashed with X86 Thread State (64-bit): + rax: 0x5433ade07f7c29e7 rbx: 0x0000000000000010 rcx: 0x0000000000000000 rdx: 0x0000000000002000 + rdi: 0x0000000000000010 rsi: 0x0000000000000000 rbp: 0x00007fff678714a0 rsp: 0x00007fff67871470 + r8: 0x0000000109fe8000 r9: 0x0000000000000fff r10: 0x00007fa7c185c01d r11: 0x0000000000000246 + r12: 0x00000001087ae368 r13: 0x0000000000000000 r14: 0x0000000000000000 r15: 0x0000000000001f80 + rip: 0x0000000107d9d0ed rfl: 0x0000000000010202 cr2: 0x000000000000003a +Logical CPU: 6 + +Binary Images: + 0x107c75000 - 0x107ebbff7 +qemu (??? - ???) <FECE8C8E-BD8E-34F1-B222-32D79C7A0037> /usr/local/xeos-build/qemu/bin/qemu + 0x1087cb000 - 0x1088b5fe7 +libglib-2.0.0.dylib (2704.0.0 - compatibility 2704.0.0) <5E6151CC-61F8-3335-A6FA-EFDD71474FA6> /usr/local/macmade/sw/glib/lib/libglib-2.0.0.dylib + 0x108917000 - 0x10891ffff +libintl.8.dylib (9.1.0 - compatibility 9.0.0) <7D75E177-3172-2F78-1E08-1118A3D2D2A9> /usr/local/webstart/sw/gettext/lib/libintl.8.dylib + 0x108928000 - 0x108949fff +libpng12.0.dylib (23.0.0 - compatibility 23.0.0) <FDE69E98-1D25-EEA1-99CF-F0A04A9AD7FF> /usr/local/webstart/sw/lib-png/lib/libpng12.0.dylib + 0x10895a000 - 0x10897aff7 +libjpeg.62.dylib (63.0.0 - compatibility 63.0.0) <AD465C8A-66A4-E794-CA9A-96FB1B4D6CF0> /usr/local/webstart/sw/lib-jpeg/lib/libjpeg.62.dylib + 0x108987000 - 0x108a67ff7 +libiconv.2.dylib (8.0.0 - compatibility 8.0.0) <54A03BBE-E505-9FF1-79AA-D4D5139BBF9C> /usr/local/webstart/sw/lib-iconv/lib/libiconv.2.dylib + 0x7fff67875000 - 0x7fff678a9ac7 dyld (195.5 - ???) <4A6E2B28-C7A2-3528-ADB7-4076B9836041> /usr/lib/dyld + 0x7fff8547d000 - 0x7fff8547efff libDiagnosticMessagesClient.dylib (??? - ???) <3DCF577B-F126-302B-BCE2-4DB9A95B8598> /usr/lib/libDiagnosticMessagesClient.dylib + 0x7fff8582b000 - 0x7fff8582efff com.apple.help (1.3.2 - 42) <AB67588E-7227-3993-927F-C9E6DAC507FD> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help + 0x7fff8582f000 - 0x7fff85835fff libmacho.dylib (800.0.0 - compatibility 1.0.0) <D86F63EC-D2BD-32E0-8955-08B5EAFAD2CC> /usr/lib/system/libmacho.dylib + 0x7fff85836000 - 0x7fff85913fef libsystem_c.dylib (763.12.0 - compatibility 1.0.0) <FF69F06E-0904-3C08-A5EF-536FAFFFDC22> /usr/lib/system/libsystem_c.dylib + 0x7fff85914000 - 0x7fff85914fff com.apple.audio.units.AudioUnit (1.7.1 - 1.7.1) <04C10813-CCE5-3333-8C72-E8E35E417B3B> /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit + 0x7fff85915000 - 0x7fff8591bfff IOSurface (??? - ???) <06FA3FDD-E6D5-391F-B60D-E98B169DAB1B> /System/Library/Frameworks/IOSurface.framework/Versions/A/IOSurface + 0x7fff85964000 - 0x7fff85972fff com.apple.NetAuth (1.0 - 3.0) <F384FFFD-70F6-3B1C-A886-F5B446E456E7> /System/Library/PrivateFrameworks/NetAuth.framework/Versions/A/NetAuth + 0x7fff85aa4000 - 0x7fff85ac4fff libsystem_kernel.dylib (1699.22.73 - compatibility 1.0.0) <69F2F501-72D8-3B3B-8357-F4418B3E1348> /usr/lib/system/libsystem_kernel.dylib + 0x7fff85ac5000 - 0x7fff85b10ff7 com.apple.SystemConfiguration (1.11.1 - 1.11) <F832FE21-5509-37C6-B1F1-48928F31BE45> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration + 0x7fff85c2a000 - 0x7fff85c39ff7 com.apple.opengl (1.7.5 - 1.7.5) <2945F1A6-910C-3596-9988-5701B04BD821> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL + 0x7fff85c3a000 - 0x7fff85c3eff7 com.apple.CommonPanels (1.2.5 - 94) <0BB2C436-C9D5-380B-86B5-E355A7711259> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels + 0x7fff85ebb000 - 0x7fff85fbefff libsqlite3.dylib (9.6.0 - compatibility 9.0.0) <7F60B0FF-4946-3639-89AB-B540D318B249> /usr/lib/libsqlite3.dylib + 0x7fff85fbf000 - 0x7fff86063fef com.apple.ink.framework (1.3.2 - 110) <F69DBD44-FEC8-3C14-8131-CC0245DBBD42> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink + 0x7fff860c5000 - 0x7fff860cafff libpam.2.dylib (3.0.0 - compatibility 3.0.0) <D952F17B-200A-3A23-B9B2-7C1F7AC19189> /usr/lib/libpam.2.dylib + 0x7fff860dd000 - 0x7fff86147fff com.apple.framework.IOKit (2.0 - ???) <87D55F1D-CDB5-3D13-A5F9-98EA4E22F8EE> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit + 0x7fff86148000 - 0x7fff8614ffff libcopyfile.dylib (85.1.0 - compatibility 1.0.0) <172B1985-F24A-34E9-8D8B-A2403C9A0399> /usr/lib/system/libcopyfile.dylib + 0x7fff8627e000 - 0x7fff862abfe7 libSystem.B.dylib (159.1.0 - compatibility 1.0.0) <095FDD3C-3961-3865-A59B-A5B0A4B8B923> /usr/lib/libSystem.B.dylib + 0x7fff862ac000 - 0x7fff86314ff7 com.apple.Symbolication (1.2 - 89) <1D7F9E72-B1B6-30CF-AC8A-23A763930A92> /System/Library/PrivateFrameworks/Symbolication.framework/Versions/A/Symbolication + 0x7fff86315000 - 0x7fff86316ff7 libsystem_blocks.dylib (53.0.0 - compatibility 1.0.0) <8BCA214A-8992-34B2-A8B9-B74DEACA1869> /usr/lib/system/libsystem_blocks.dylib + 0x7fff8633a000 - 0x7fff8634cff7 libbsm.0.dylib (??? - ???) <349BB16F-75FA-363F-8D98-7A9C3FA90A0D> /usr/lib/libbsm.0.dylib + 0x7fff8634d000 - 0x7fff863b5ff7 com.apple.audio.CoreAudio (4.0.1 - 4.0.1) <7966E3BE-376B-371A-A21D-9BD763C0BAE7> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio + 0x7fff86411000 - 0x7fff86423ff7 libsasl2.2.dylib (3.15.0 - compatibility 3.0.0) <6245B497-784B-355C-98EF-2DC6B45BF05C> /usr/lib/libsasl2.2.dylib + 0x7fff86428000 - 0x7fff86462fff libncurses.5.4.dylib (5.4.0 - compatibility 5.4.0) <387DE593-9CC5-38C7-911B-A5F2264D34F2> /usr/lib/libncurses.5.4.dylib + 0x7fff86463000 - 0x7fff864a2ff7 libGLImage.dylib (??? - ???) <2D1D8488-EC5F-3229-B983-CFDE0BB37586> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib + 0x7fff864a3000 - 0x7fff86545ff7 com.apple.securityfoundation (5.0 - 55005) <0D59908C-A61B-389E-AF37-741ACBBA6A94> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation + 0x7fff86546000 - 0x7fff865cbff7 com.apple.Heimdal (2.1 - 2.0) <C92E327E-CB5F-3C9B-92B0-F1680095C8A3> /System/Library/PrivateFrameworks/Heimdal.framework/Versions/A/Heimdal + 0x7fff865cc000 - 0x7fff865d0fff libCGXType.A.dylib (600.0.0 - compatibility 64.0.0) <5EEAD17D-006C-3855-8093-C7A4A97EE0D0> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXType.A.dylib + 0x7fff865d1000 - 0x7fff8664cff7 com.apple.print.framework.PrintCore (7.1 - 366.1) <3F140DEB-9F87-3672-97CC-F983752581AC> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore + 0x7fff8664d000 - 0x7fff86654ff7 com.apple.CommerceCore (1.0 - 17) <AA783B87-48D4-3CA6-8FF6-0316396022F4> /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Frameworks/CommerceCore.framework/Versions/A/CommerceCore + 0x7fff86655000 - 0x7fff86655fff com.apple.Accelerate.vecLib (3.7 - vecLib 3.7) <C06A140F-6114-3B8B-B080-E509303145B8> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib + 0x7fff86656000 - 0x7fff8665afff libmathCommon.A.dylib (2026.0.0 - compatibility 1.0.0) <FF83AFF7-42B2-306E-90AF-D539C51A4542> /usr/lib/system/libmathCommon.A.dylib + 0x7fff8665b000 - 0x7fff86768fff libJP2.dylib (??? - ???) <6052C973-9354-35CB-AAB9-31D00D8786F9> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib + 0x7fff86769000 - 0x7fff867acff7 libRIP.A.dylib (600.0.0 - compatibility 64.0.0) <2B1571E1-8E87-364E-BC36-C9C9B5D3EAC4> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib + 0x7fff867ad000 - 0x7fff86d91fff libBLAS.dylib (??? - ???) <C34F6D88-187F-33DC-8A68-C0C9D1FA36DF> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib + 0x7fff86d92000 - 0x7fff86da4ff7 libz.1.dylib (1.2.5 - compatibility 1.0.0) <30CBEF15-4978-3DED-8629-7109880A19D4> /usr/lib/libz.1.dylib + 0x7fff87016000 - 0x7fff8701cfff libGFXShared.dylib (??? - ???) <343AE6C0-EB02-333C-8D35-DF6093B92758> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGFXShared.dylib + 0x7fff8701d000 - 0x7fff87290fff com.apple.CoreImage (7.82 - 1.0.1) <282801B6-5D80-3E2C-88A4-00FE29906D5A> /System/Library/Frameworks/QuartzCore.framework/Versions/A/Frameworks/CoreImage.framework/Versions/A/CoreImage + 0x7fff872da000 - 0x7fff87315fff com.apple.LDAPFramework (3.0 - 120.1) <0C23534F-A8E7-3144-B2B2-50F9875101E2> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP + 0x7fff87322000 - 0x7fff87524fff libicucore.A.dylib (46.1.0 - compatibility 1.0.0) <38CD6ED3-C8E4-3CCD-89AC-9C3198803101> /usr/lib/libicucore.A.dylib + 0x7fff87a4c000 - 0x7fff87a4dfff libsystem_sandbox.dylib (??? - ???) <8D14139B-B671-35F4-9E5A-023B4C523C38> /usr/lib/system/libsystem_sandbox.dylib + 0x7fff87b4f000 - 0x7fff87b4ffff libkeymgr.dylib (23.0.0 - compatibility 1.0.0) <61EFED6A-A407-301E-B454-CD18314F0075> /usr/lib/system/libkeymgr.dylib + 0x7fff87b50000 - 0x7fff87ba7fff libTIFF.dylib (??? - ???) <FF0D9A24-6956-3F03-81EA-3EEAD22C9DB8> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib + 0x7fff87c87000 - 0x7fff8839a587 com.apple.CoreGraphics (1.600.0 - ???) <A9F2451E-6F60-350E-A6E5-539669B53074> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics + 0x7fff8839b000 - 0x7fff883b1ff7 com.apple.ImageCapture (7.0 - 7.0) <69E6E2E1-777E-332E-8BCF-4F0611517DD0> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture + 0x7fff883b2000 - 0x7fff883b9fff com.apple.NetFS (4.0 - 4.0) <B9F41443-679A-31AD-B0EB-36557DAF782B> /System/Library/Frameworks/NetFS.framework/Versions/A/NetFS + 0x7fff883d7000 - 0x7fff884b5fff com.apple.ImageIO.framework (3.1.1 - 3.1.1) <13E549F8-5BD6-3BAE-8C33-1D0BD269C081> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO + 0x7fff884b6000 - 0x7fff884b6fff com.apple.Cocoa (6.6 - ???) <021D4214-9C23-3CD8-AFB2-F331697A4508> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa + 0x7fff884b7000 - 0x7fff884b7fff com.apple.ApplicationServices (41 - 41) <03F3FA8F-8D2A-3AB6-A8E3-40B001116339> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices + 0x7fff884b8000 - 0x7fff8861efff com.apple.CFNetwork (520.2.5 - 520.2.5) <406712D9-3F0C-3763-B4EB-868D01F1F042> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork + 0x7fff8861f000 - 0x7fff88943fff com.apple.HIToolbox (1.8 - ???) <A3BE7C59-52E6-3A7F-9B30-24B7DD3E95F2> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox + 0x7fff88944000 - 0x7fff88961ff7 com.apple.openscripting (1.3.3 - ???) <A64205E6-D3C5-3E12-B1A0-72243151AF7D> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting + 0x7fff88962000 - 0x7fff88c3aff7 com.apple.security (7.0 - 55010) <93713FF4-FE86-3B4C-8150-5FCC7F3320C8> /System/Library/Frameworks/Security.framework/Versions/A/Security + 0x7fff88c5b000 - 0x7fff88cbbfff libvDSP.dylib (325.4.0 - compatibility 1.0.0) <3A7521E6-5510-3FA7-AB65-79693A7A5839> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib + 0x7fff88cbf000 - 0x7fff88d43ff7 com.apple.ApplicationServices.ATS (317.5.0 - ???) <FE629F2D-6BC0-3A58-9844-D8B9A6808A00> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS + 0x7fff88d81000 - 0x7fff88e48ff7 com.apple.ColorSync (4.7.0 - 4.7.0) <F325A9D7-7203-36B7-8C1C-B6A4D5CC73A8> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync + 0x7fff88e59000 - 0x7fff88e6dff7 com.apple.LangAnalysis (1.7.0 - 1.7.0) <04C31EF0-912A-3004-A08F-CEC27030E0B2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis + 0x7fff88e6e000 - 0x7fff88e79ff7 com.apple.speech.recognition.framework (4.0.19 - 4.0.19) <7ADAAF5B-1D78-32F2-9FFF-D2E3FBB41C2B> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition + 0x7fff88f54000 - 0x7fff88f55fff libunc.dylib (24.0.0 - compatibility 1.0.0) <C67B3B14-866C-314F-87FF-8025BEC2CAAC> /usr/lib/system/libunc.dylib + 0x7fff89095000 - 0x7fff89148fff com.apple.CoreText (220.11.0 - ???) <4EA8E2DF-542D-38D5-ADB9-C0DAA73F898B> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText + 0x7fff8932e000 - 0x7fff894cdfff com.apple.QuartzCore (1.7 - 270.0) <E8FC9AA4-A5CB-384B-AD29-7190A1387D3E> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore + 0x7fff894f6000 - 0x7fff89530fe7 com.apple.DebugSymbols (2.1 - 87) <E9000AB8-CCE4-3636-871D-E17703814B68> /System/Library/PrivateFrameworks/DebugSymbols.framework/Versions/A/DebugSymbols + 0x7fff89531000 - 0x7fff8958cff7 com.apple.HIServices (1.10 - ???) <BAB8B422-7047-3D2D-8E0A-13FCF153E4E7> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices + 0x7fff89a1d000 - 0x7fff89a6bfff libauto.dylib (??? - ???) <D8AC8458-DDD0-3939-8B96-B6CED81613EF> /usr/lib/libauto.dylib + 0x7fff89a6c000 - 0x7fff89ac0ff7 com.apple.ScalableUserInterface (1.0 - 1) <1873D7BE-2272-31A1-8F85-F70C4D706B3B> /System/Library/Frameworks/QuartzCore.framework/Versions/A/Frameworks/ScalableUserInterface.framework/Versions/A/ScalableUserInterface + 0x7fff89ac1000 - 0x7fff89ae0fff libresolv.9.dylib (46.0.0 - compatibility 1.0.0) <33263568-E6F3-359C-A4FA-66AD1300F7D4> /usr/lib/libresolv.9.dylib + 0x7fff89b26000 - 0x7fff89b65fff com.apple.AE (527.7 - 527.7) <B82F7ABC-AC8B-3507-B029-969DD5CA813D> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE + 0x7fff89fd5000 - 0x7fff8a1a9fff com.apple.CoreFoundation (6.7.1 - 635.15) <FE4A86C2-3599-3CF8-AD1A-822F1FEA820F> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation + 0x7fff8a1aa000 - 0x7fff8a1d3fff libJPEG.dylib (??? - ???) <64D079F9-256A-323B-A837-84628B172F21> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib + 0x7fff8a929000 - 0x7fff8a94dfff com.apple.Kerberos (1.0 - 1) <1F826BCE-DA8F-381D-9C4C-A36AA0EA1CB9> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos + 0x7fff8a94e000 - 0x7fff8a94efff com.apple.CoreServices (53 - 53) <043C8026-8EDD-3241-B090-F589E24062EF> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices + 0x7fff8a94f000 - 0x7fff8a9c4ff7 libc++.1.dylib (19.0.0 - compatibility 1.0.0) <C0EFFF1B-0FEB-3F99-BE54-506B35B555A9> /usr/lib/libc++.1.dylib + 0x7fff8af21000 - 0x7fff8afa4fef com.apple.Metadata (10.7.0 - 627.20) <E00156B0-663A-35EF-A307-A2CEB00F1845> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata + 0x7fff8b02d000 - 0x7fff8b036ff7 libsystem_notify.dylib (80.1.0 - compatibility 1.0.0) <A4D651E3-D1C6-3934-AD49-7A104FD14596> /usr/lib/system/libsystem_notify.dylib + 0x7fff8b06d000 - 0x7fff8b10cfff com.apple.LaunchServices (480.21 - 480.21) <6BFADEA9-5BC1-3B53-A013-488EB7F1AB57> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices + 0x7fff8b10d000 - 0x7fff8b14efff com.apple.QD (3.12 - ???) <4F3C5629-97C7-3E55-AF3C-ACC524929DA2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD + 0x7fff8b14f000 - 0x7fff8b251ff7 libxml2.2.dylib (10.3.0 - compatibility 10.0.0) <D46F371D-6422-31B7-BCE0-D80713069E0E> /usr/lib/libxml2.2.dylib + 0x7fff8b2f6000 - 0x7fff8b2f9fff libCoreVMClient.dylib (??? - ???) <E034C772-4263-3F48-B083-25A758DD6228> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libCoreVMClient.dylib + 0x7fff8b2fd000 - 0x7fff8b402ff7 libFontParser.dylib (??? - ???) <B9A53808-C97E-3293-9C33-1EA9D4E83EC8> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontParser.dylib + 0x7fff8b41e000 - 0x7fff8b449ff7 libxslt.1.dylib (3.24.0 - compatibility 3.0.0) <8051A3FC-7385-3EA9-9634-78FC616C3E94> /usr/lib/libxslt.1.dylib + 0x7fff8b49e000 - 0x7fff8b4a3fff libcompiler_rt.dylib (6.0.0 - compatibility 1.0.0) <98ECD5F6-E85C-32A5-98CD-8911230CB66A> /usr/lib/system/libcompiler_rt.dylib + 0x7fff8b656000 - 0x7fff8b65bfff libcache.dylib (47.0.0 - compatibility 1.0.0) <B7757E2E-5A7D-362E-AB71-785FE79E1527> /usr/lib/system/libcache.dylib + 0x7fff8b65c000 - 0x7fff8b695fe7 libssl.0.9.8.dylib (44.0.0 - compatibility 0.9.8) <79AAEC98-1258-3DA4-B1C0-4120049D390B> /usr/lib/libssl.0.9.8.dylib + 0x7fff8b696000 - 0x7fff8b69bff7 libsystem_network.dylib (??? - ???) <5DE7024E-1D2D-34A2-80F4-08326331A75B> /usr/lib/system/libsystem_network.dylib + 0x7fff8b6c6000 - 0x7fff8b6d1ff7 libc++abi.dylib (14.0.0 - compatibility 1.0.0) <8FF3D766-D678-36F6-84AC-423C878E6D14> /usr/lib/libc++abi.dylib + 0x7fff8b909000 - 0x7fff8bd36fff libLAPACK.dylib (??? - ???) <4F2E1055-2207-340B-BB45-E4F16171EE0D> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib + 0x7fff8bd37000 - 0x7fff8bd42fff com.apple.CommonAuth (2.1 - 2.0) <BFDD0A8D-4BEA-39EC-98B3-2E083D7B1ABD> /System/Library/PrivateFrameworks/CommonAuth.framework/Versions/A/CommonAuth + 0x7fff8bd43000 - 0x7fff8bd76ff7 com.apple.GSS (2.1 - 2.0) <9A2C9736-DA10-367A-B376-2C7A584E6C7A> /System/Library/Frameworks/GSS.framework/Versions/A/GSS + 0x7fff8bd77000 - 0x7fff8bd78ff7 libremovefile.dylib (21.0.0 - compatibility 1.0.0) <C6C49FB7-1892-32E4-86B5-25AD165131AA> /usr/lib/system/libremovefile.dylib + 0x7fff8bd79000 - 0x7fff8bd7dfff libdyld.dylib (195.5.0 - compatibility 1.0.0) <F1903B7A-D3FF-3390-909A-B24E09BAD1A5> /usr/lib/system/libdyld.dylib + 0x7fff8bdac000 - 0x7fff8bdc8ff7 com.apple.GenerationalStorage (1.0 - 125) <31F60175-E38D-3C63-8D95-32CFE7062BCB> /System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/GenerationalStorage + 0x7fff8bdcd000 - 0x7fff8bdf5ff7 com.apple.CoreVideo (1.7 - 70.1) <98F917B2-FB53-3EA3-B548-7E97B38309A7> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo + 0x7fff8bdf6000 - 0x7fff8be0dfff com.apple.MultitouchSupport.framework (220.62.1 - 220.62.1) <F21C79C0-4B5A-3645-81A6-74F8EFA900CE> /System/Library/PrivateFrameworks/MultitouchSupport.framework/Versions/A/MultitouchSupport + 0x7fff8be0e000 - 0x7fff8be34ff7 com.apple.framework.familycontrols (3.0 - 300) <41A6DFC2-EAF5-390A-83A1-C8832528705C> /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/FamilyControls + 0x7fff8c071000 - 0x7fff8c155def libobjc.A.dylib (228.0.0 - compatibility 1.0.0) <C5F2392D-B481-3A9D-91BE-3D039FFF4DEC> /usr/lib/libobjc.A.dylib + 0x7fff8c156000 - 0x7fff8c17dfff com.apple.PerformanceAnalysis (1.10 - 10) <2A058167-292E-3C3A-B1F8-49813336E068> /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/PerformanceAnalysis + 0x7fff8c17e000 - 0x7fff8c1c0ff7 libcommonCrypto.dylib (55010.0.0 - compatibility 1.0.0) <A5B9778E-11C3-3F61-B740-1F2114E967FB> /usr/lib/system/libcommonCrypto.dylib + 0x7fff8c3ff000 - 0x7fff8c452fff libFontRegistry.dylib (??? - ???) <57FBD85F-41A6-3DB9-B5F4-FCC6B260F1AD> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontRegistry.dylib + 0x7fff8c461000 - 0x7fff8c4fbff7 com.apple.SearchKit (1.4.0 - 1.4.0) <4E70C394-773E-3A4B-A93C-59A88ABA9509> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit + 0x7fff8d20f000 - 0x7fff8d24aff7 libsystem_info.dylib (??? - ???) <9C8C2DCB-96DB-3471-9DCE-ADCC26BE2DD4> /usr/lib/system/libsystem_info.dylib + 0x7fff8d24b000 - 0x7fff8d250fff libGIF.dylib (??? - ???) <393E2DB5-9479-39A6-A75A-B5F20B852532> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib + 0x7fff8d251000 - 0x7fff8d268fff com.apple.CFOpenDirectory (10.7 - 144) <9709423E-8484-3B26-AAE8-EF58D1B8FB3F> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpenDirectory.framework/Versions/A/CFOpenDirectory + 0x7fff8d269000 - 0x7fff8d26efff com.apple.OpenDirectory (10.7 - 146) <91A87249-6A2F-3F89-A8DE-0E95C0B54A3A> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/OpenDirectory + 0x7fff8d26f000 - 0x7fff8d2c1ff7 libGLU.dylib (??? - ???) <3C9153A0-8499-3DC0-AAA4-9FA6E488BE13> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib + 0x7fff8d2c2000 - 0x7fff8d789fff FaceCoreLight (1.4.7 - compatibility 1.0.0) <E9D2A69C-6E81-358C-A162-510969F91490> /System/Library/PrivateFrameworks/FaceCoreLight.framework/Versions/A/FaceCoreLight + 0x7fff8d78a000 - 0x7fff8d792fff libsystem_dnssd.dylib (??? - ???) <7749128E-D0C5-3832-861C-BC9913F774FA> /usr/lib/system/libsystem_dnssd.dylib + 0x7fff8d793000 - 0x7fff8d7bcfff com.apple.CoreServicesInternal (113.8 - 113.8) <C1A3CF1B-BC45-3FC6-82B3-1511EBBA9D51> /System/Library/PrivateFrameworks/CoreServicesInternal.framework/Versions/A/CoreServicesInternal + 0x7fff8d823000 - 0x7fff8d838fff com.apple.speech.synthesis.framework (4.0.74 - 4.0.74) <C061ECBB-7061-3A43-8A18-90633F943295> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis + 0x7fff8e34d000 - 0x7fff8e371ff7 com.apple.RemoteViewServices (1.2 - 39) <862849C8-84C1-32A1-B87E-B29E74778C9F> /System/Library/PrivateFrameworks/RemoteViewServices.framework/Versions/A/RemoteViewServices + 0x7fff8e508000 - 0x7fff8e51bff7 libCRFSuite.dylib (??? - ???) <034D4DAA-63F0-35E4-BCEF-338DD7A453DD> /usr/lib/libCRFSuite.dylib + 0x7fff8e7a7000 - 0x7fff8e7a9ff7 com.apple.print.framework.Print (7.1 - 247.1) <8A4925A5-BAA3-373C-9B5D-03E0270C6B12> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print + 0x7fff8e7aa000 - 0x7fff8e7adff7 com.apple.securityhi (4.0 - 1) <B37B8946-BBD4-36C1-ABC6-18EDBC573F03> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI + 0x7fff8e7ae000 - 0x7fff8e7bcfff libdispatch.dylib (187.7.0 - compatibility 1.0.0) <712AAEAC-AD90-37F7-B71F-293FF8AE8723> /usr/lib/system/libdispatch.dylib + 0x7fff8e7bd000 - 0x7fff8e7befff liblangid.dylib (??? - ???) <CACBE3C3-2F7B-3EED-B50E-EDB73F473B77> /usr/lib/liblangid.dylib + 0x7fff8e7cc000 - 0x7fff8e7e9fff libPng.dylib (??? - ???) <3C70A94C-9442-3E11-AF51-C1B0EF81680E> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib + 0x7fff8e7ea000 - 0x7fff8e7eafff com.apple.Accelerate (1.7 - Accelerate 1.7) <82DDF6F5-FBC3-323D-B71D-CF7ABC5CF568> /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate + 0x7fff8e7eb000 - 0x7fff8e801fff libGL.dylib (??? - ???) <6A473BF9-4D35-34C6-9F8B-86B68091A9AF> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib + 0x7fff8e810000 - 0x7fff8e81aff7 liblaunch.dylib (392.18.0 - compatibility 1.0.0) <39EF04F2-7F0C-3435-B785-BF283727FFBD> /usr/lib/system/liblaunch.dylib + 0x7fff8e95f000 - 0x7fff8e9f5ff7 libvMisc.dylib (325.4.0 - compatibility 1.0.0) <642D8D54-F9F5-3FBB-A96C-EEFE94C6278B> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib + 0x7fff8e9f6000 - 0x7fff8ec10fef com.apple.CoreData (104 - 358.12) <33B1FA75-7970-3751-9DCC-FF809D3E1FA2> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData + 0x7fff8ef91000 - 0x7fff8f2aaff7 com.apple.Foundation (6.7.1 - 833.20) <D922F590-FDA6-3D89-A271-FD35E2290624> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation + 0x7fff8f2ab000 - 0x7fff8f38cfff com.apple.CoreServices.OSServices (478.29 - 478.29) <B487110E-C942-33A8-A494-3BDEDB88B1CD> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices + 0x7fff8f3c8000 - 0x7fff8f3d5fff libCSync.A.dylib (600.0.0 - compatibility 64.0.0) <931F40EB-CA75-3A90-AC97-4DB8E210BC76> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib + 0x7fff8f44d000 - 0x7fff8f4c0fff libstdc++.6.dylib (52.0.0 - compatibility 7.0.0) <6BDD43E4-A4B1-379E-9ED5-8C713653DFF2> /usr/lib/libstdc++.6.dylib + 0x7fff8f7e3000 - 0x7fff8f7e3fff com.apple.Carbon (153 - 153) <895C2BF2-1666-3A59-A669-311B1F4F368B> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon + 0x7fff8fb82000 - 0x7fff8fc9aff7 com.apple.DesktopServices (1.6.1 - 1.6.1) <4418EAA6-7163-3A77-ABD3-F8289796C81A> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv + 0x7fff8fc9d000 - 0x7fff8fc9ffff com.apple.TrustEvaluationAgent (2.0 - 1) <1F31CAFF-C1C6-33D3-94E9-11B721761DDF> /System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Versions/A/TrustEvaluationAgent + 0x7fff8fca0000 - 0x7fff8fdf9fff com.apple.audio.toolbox.AudioToolbox (1.7.1 - 1.7.1) <4877267E-F736-3019-85D3-40A32A042A80> /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox + 0x7fff8fef9000 - 0x7fff8ff39ff7 libcups.2.dylib (2.9.0 - compatibility 2.0.0) <B7173CA4-CE16-3BAB-8D83-185FCEFA15F5> /usr/lib/libcups.2.dylib + 0x7fff8ff9c000 - 0x7fff900a8fff libcrypto.0.9.8.dylib (44.0.0 - compatibility 0.9.8) <3A8E1F89-5E26-3C8B-B538-81F5D61DBF8A> /usr/lib/libcrypto.0.9.8.dylib + 0x7fff900a9000 - 0x7fff900b7ff7 libkxld.dylib (??? - ???) <65BE345D-6618-3D1A-9E2B-255E629646AA> /usr/lib/system/libkxld.dylib + 0x7fff900b8000 - 0x7fff900beff7 libunwind.dylib (30.0.0 - compatibility 1.0.0) <1E9C6C8C-CBE8-3F4B-A5B5-E03E3AB53231> /usr/lib/system/libunwind.dylib + 0x7fff900cb000 - 0x7fff90204fef com.apple.vImage (5.1 - 5.1) <EB634387-CD15-3246-AC28-5FB368ACCEA2> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage + 0x7fff9020d000 - 0x7fff9023dff7 com.apple.DictionaryServices (1.2.1 - 158.2) <3FC86118-7553-38F7-8916-B329D2E94476> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices + 0x7fff9024e000 - 0x7fff90343fff libiconv.2.dylib (7.0.0 - compatibility 7.0.0) <5C40E880-0706-378F-B864-3C2BD922D926> /usr/lib/libiconv.2.dylib + 0x7fff90344000 - 0x7fff9038aff7 libcurl.4.dylib (7.0.0 - compatibility 7.0.0) <EAF61ADC-DC00-34CE-B23E-7238ED54E31D> /usr/lib/libcurl.4.dylib + 0x7fff9038b000 - 0x7fff903a8ff7 libxpc.dylib (77.17.0 - compatibility 1.0.0) <72A16104-2F23-3C22-B474-1953F06F9376> /usr/lib/system/libxpc.dylib + 0x7fff90b3e000 - 0x7fff90b3ffff libdnsinfo.dylib (395.6.0 - compatibility 1.0.0) <718A135F-6349-354A-85D5-430B128EFD57> /usr/lib/system/libdnsinfo.dylib + 0x7fff90b40000 - 0x7fff90e5cff7 com.apple.CoreServices.CarbonCore (960.18 - 960.18) <6020C3FB-6125-3EAE-A55D-1E77E38BEDEA> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore + 0x7fff90e9b000 - 0x7fff90e9bfff com.apple.vecLib (3.7 - vecLib 3.7) <9A58105C-B36E-35B5-812C-4ED693F2618F> /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib + 0x7fff90fe4000 - 0x7fff90feafff com.apple.DiskArbitration (2.4.1 - 2.4.1) <CEA34337-63DE-302E-81AA-10D717E1F699> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration + 0x7fff91024000 - 0x7fff91027fff libRadiance.dylib (??? - ???) <CD89D70D-F177-3BAE-8A26-644EA7D5E28E> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib + 0x7fff91220000 - 0x7fff91222fff libquarantine.dylib (36.0.0 - compatibility 1.0.0) <4C3BFBC7-E592-3939-B376-1C2E2D7C5389> /usr/lib/system/libquarantine.dylib + 0x7fff91223000 - 0x7fff9128bfff com.apple.CoreSymbolication (2.1 - 71) <0715BF39-D53C-3BFE-BBEA-B8EBF7274850> /System/Library/PrivateFrameworks/CoreSymbolication.framework/Versions/A/CoreSymbolication + 0x7fff9128c000 - 0x7fff912eefff com.apple.coreui (1.2.1 - 164.1) <F7972630-F696-3FC5-9FCF-A6E1C8771078> /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI + 0x7fff912ef000 - 0x7fff9135ffff com.apple.datadetectorscore (3.0 - 179.4) <2A822A13-94B3-3A43-8724-98FDF698BB12> /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/DataDetectorsCore + 0x7fff91367000 - 0x7fff91394ff7 com.apple.opencl (1.50.63 - 1.50.63) <DB335C5C-3ABD-38C8-B6A5-8436EE1484D3> /System/Library/Frameworks/OpenCL.framework/Versions/A/OpenCL + 0x7fff91395000 - 0x7fff91f96ff7 com.apple.AppKit (6.7.2 - 1138.23) <5CD2C850-4F52-3BA2-BA11-3107DFD2D23C> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit + 0x7fff91f97000 - 0x7fff91f99fff libCVMSPluginSupport.dylib (??? - ???) <61D89F3C-C64D-3733-819F-8AAAE4E2E993> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libCVMSPluginSupport.dylib + +External Modification Summary: + Calls made by other processes targeting this process: + task_for_pid: 2 + thread_create: 0 + thread_set_state: 0 + Calls made by this process: + task_for_pid: 0 + thread_create: 0 + thread_set_state: 0 + Calls made by all processes on this machine: + task_for_pid: 103153 + thread_create: 1 + thread_set_state: 0 + +VM Region Summary: +ReadOnly portion of Libraries: Total=144.3M resident=100.5M(70%) swapped_out_or_unallocated=43.8M(30%) +Writable regions: Total=185.9M written=3692K(2%) resident=23.0M(12%) swapped_out=0K(0%) unallocated=162.9M(88%) + +REGION TYPE VIRTUAL +=========== ======= +CG backing stores 1496K +CG image 4K +CG raster data 64K +CG shared images 3480K +CoreGraphics 16K +CoreServices 4112K +MALLOC 67.1M +MALLOC guard page 32K +MALLOC_LARGE (reserved) 25.3M reserved VM address space (unallocated) +Memory tag=242 12K +STACK GUARD 24K +Stack 66.5M +VM_ALLOCATE 16.1M +__CI_BITMAP 80K +__DATA 21.1M +__IMAGE 1256K +__LINKEDIT 48.1M +__TEXT 96.2M +__UNICODE 544K +mapped file 32.2M +shared memory 308K +=========== ======= +TOTAL 383.7M +TOTAL, minus reserved VM space 358.4M + +Model: MacBookPro8,3, BootROM MBP81.0047.B24, 4 processors, Intel Core i7, 2.3 GHz, 8 GB, SMC 1.70f3 +Graphics: AMD Radeon HD 6750M, AMD Radeon HD 6750M, PCIe, 1024 MB +Graphics: Intel HD Graphics 3000, Intel HD Graphics 3000, Built-In, 512 MB +Memory Module: BANK 0/DIMM0, 4 GB, DDR3, 1333 MHz, 0x80AD, 0x484D54333531533642465238432D48392020 +Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1333 MHz, 0x80AD, 0x484D54333531533642465238432D48392020 +AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0xD6), Broadcom BCM43xx 1.0 (5.100.98.75.18) +Bluetooth: Version 4.0.1f4, 2 service, 11 devices, 1 incoming serial ports +Network Service: Wi-Fi, AirPort, en1 +Serial ATA Device: APPLE SSD TS512C, 500.28 GB +Serial ATA Device: MATSHITADVD-R UJ-898 +USB Device: FaceTime HD Camera (Built-in), apple_vendor_id, 0x8509, 0xfa200000 / 3 +USB Device: hub_device, 0x0424 (SMSC), 0x2514, 0xfa100000 / 2 +USB Device: BRCM2070 Hub, 0x0a5c (Broadcom Corp.), 0x4500, 0xfa110000 / 5 +USB Device: Bluetooth USB Host Controller, apple_vendor_id, 0x821a, 0xfa113000 / 7 +USB Device: Apple Internal Keyboard / Trackpad, apple_vendor_id, 0x0253, 0xfa120000 / 4 +USB Device: hub_device, 0x0424 (SMSC), 0x2514, 0xfd100000 / 2 +USB Device: Freecom Hard Drive XS, 0x07ab (Freecom Computer Peripherals), 0xfc8e, 0xfd120000 / 5 +USB Device: IR Receiver, apple_vendor_id, 0x8242, 0xfd110000 / 3 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/runtime/909 b/results/classifier/deepseek-r1:32b/output/runtime/909 new file mode 100644 index 000000000..dc380c91e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/909 @@ -0,0 +1,14 @@ + + + +qemu-mipsn32(el) user mode emulator fails to execute any recently built n32 binaries +Description of problem: +**Note: Before trying to reproduce this issue, have a look at issue 843 - the binfmt-misc magic for n32 needs to be fixed.** + +Trying to chroot into a mips n32 installation fails with +``` +/bin/bash: error while loading shared libraries: /lib32/libc.so.6: cannot read file data +``` +however, bash, libc.so.6, and qemu all exist and have the proper abi + +The problem occurs for both big and little endian N32 ABI. O32 and N64 work fine. The same N32 binaries also work fine on native hardware. diff --git a/results/classifier/deepseek-r1:32b/output/runtime/922 b/results/classifier/deepseek-r1:32b/output/runtime/922 new file mode 100644 index 000000000..6078a920d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/922 @@ -0,0 +1,23 @@ + + + +QEMU 7.0.0-rc0: Random segfaults when running grep using qemu-arm-static +Description of problem: +I'm running ARM binaries using 32 bit qemu-arm-static on x86_64 host. Sometimes when running grep via qemu, I get a random segmentation fault. Sometimes it happens faster, sometimes it takes several thousand iterations, but sooner or later it happens and really annoying. + +This problem is also reproduced on 6.2, 5.2 and 5.1 releases, and NOT reproduced on 5.0 + +I wrote small test to demonstrate this bug. +Steps to reproduce: +1. Download the test environment: [qemu-test-segfault.tar.bz2](/uploads/8f52617d46ba1e5bf29fc273cd07131d/qemu-test-segfault.tar.bz2) +2. `$ make # To build the docker container` +3. `$ make shell # To run ARM bash` +4. Inside a container, run `while true; do /qemu /bin/grep -E f text > /dev/null; [ $? -ne 0 ] && break; done`. After a while you will get segfault: +``` +[root@0d81b08f032b /]# /qemu --version +qemu-arm version 6.2.90 +Copyright (c) 2003-2022 Fabrice Bellard and the QEMU Project developers +[root@0d81b08f032b /]# while true; do /qemu /bin/grep -E f text > /dev/null; [ $? -ne 0 ] && break; done +Segmentation fault (core dumped) +[root@0d81b08f032b /]# +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/939 b/results/classifier/deepseek-r1:32b/output/runtime/939 new file mode 100644 index 000000000..6525f2bab --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/939 @@ -0,0 +1,78 @@ + + + +qemu-mipsn32el user mode emulator allocates pointers beyond upper memory limit +Description of problem: +In qemu-based N32 mips chroots (both BE and LE), I became aware of memory-intensive programs segfaulting, apparently at random. tar, gcc, but only in specific situations. Watching the strace output of gcc, I got the impression that it happens when memory beyond 2Gbyte is allocated. (mips n32 and o32 uses only 31 bit of a pointer, I've been told, so this is somewhat expected, but a segfault is nevertheless wrong.) + +So, I used the following test program, statically linked: +``` +#include <stdlib.h> +#include <stdio.h> +#include <string.h> + +int main() { + + char *pointer; + int i; + + for (i=1; i<301; i++) { + + printf("Allocation %i : ", i); + pointer = malloc(20480000 * sizeof(char)); + + printf(" pointer is %p, ", pointer); + + if (! pointer) { + printf("malloc failed\n"); + exit(0); + }; + + memset(pointer, 0xDB, 20480000); + printf(" filled\n"); + } +}; +``` + +With mips3 n32 I get the following output: +``` +pinacolada ~ # file /var/lib/machines/mips64el-n32/root/memtest +/var/lib/machines/mips64el-n32/root/memtest: ELF 32-bit LSB executable, MIPS, N32 MIPS-III version 1 (SYSV), statically linked, for GNU/Linux 3.2.0, not stripped +pinacolada ~ # /usr/bin/qemu-mipsn32el /var/lib/machines/mips64el-n32/root/memtest +Allocation 1 : pointer is 0x40802010, filled +Allocation 2 : pointer is 0x41b8b010, filled +Allocation 3 : pointer is 0x42f14010, filled +[...] +Allocation 51 : pointer is 0x7d8c4010, filled +Allocation 52 : pointer is 0x7ec4d010, filled +qemu: unhandled CPU exception 0x15 - aborting +pc=0x0000000010021944 HI=0x0000000000000004 LO=0x00000000100218f0 ds 02ea 00000000100218f0 0 +GPR00: r0 0000000000000000 at 0000000000000001 v0 000000007ffd6010 v1 0000000026f77200 +GPR04: a0 000000007ffd6010 a1 dbdbdbdbdbdbdbdb a2 0000000001388000 a3 0000000001388000 +GPR08: t0 0000000025252525 t1 0000000025252525 t2 ffffffffffffffff t3 000000001006c369 +GPR12: t4 000000001006c368 t5 0000000000000000 t6 0000000000000000 t7 0000000000000010 +GPR16: s0 0000000000000001 s1 00000000407ffd54 s2 000000001009b270 s3 0000000000000000 +GPR20: s4 0000000010000760 s5 00000000407ffd5c s6 0000000000000000 s7 0000000000000000 +GPR24: t8 0000000000000000 t9 00000000100218f0 k0 0000000000000000 k1 0000000000000000 +GPR28: gp 00000000100a7320 sp 00000000407ffbf0 s8 00000000407ffbf0 ra 0000000010000854 +CP0 Status 0x24800010 Cause 0x00000000 EPC 0x0000000000000000 + Config0 0x80004482 Config1 0xbe61309b LLAddr 0x0000000000000000 + Config2 0x80000000 Config3 0x00000000 + Config4 0x00000000 Config5 0x00000000 +** +ERROR:../accel/tcg/cpu-exec.c:928:cpu_exec: assertion failed: (cpu == current_cpu) +Bail out! ERROR:../accel/tcg/cpu-exec.c:928:cpu_exec: assertion failed: (cpu == current_cpu) +``` + +For mips2 o32 I get the more correct looking output +``` +pinacolada ~ # file /var/lib/machines/mips-o32/root/memtest +/var/lib/machines/mips-o32/root/memtest: ELF 32-bit MSB executable, MIPS, MIPS-II version 1 (SYSV), statically linked, for GNU/Linux 3.2.0, not stripped +pinacolada ~ # /usr/bin/qemu-mips /var/lib/machines/mips-o32/root/memtest +Allocation 1 : pointer is 0x3ec76008, filled +Allocation 2 : pointer is 0x3d8ed008, filled +Allocation 3 : pointer is 0x3c564008, filled +[...] +Allocation 104 : pointer is 0x4082c008, filled +Allocation 105 : pointer is (nil), malloc failed +``` diff --git a/results/classifier/deepseek-r1:32b/output/runtime/947 b/results/classifier/deepseek-r1:32b/output/runtime/947 new file mode 100644 index 000000000..74f0d403d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/947 @@ -0,0 +1,16 @@ + + + +TCG AARCH64 Segmentation fault when helper function is called +Description of problem: +Segmentation fault in the TCG thread. +The issue occurs in the generated code when branching to (helper)lookup_tb_ptr (see op longs). +It seems that the generated instruction don't load the upper32 of the address of lookup_tb_ptr in the register before branching to it. According to LLDB, the program tries to access 0x1cffe060 while the right address 0x7ff71cffe060 (see debugger logs). +Additional information: +The issue seems to be located at https://gitlab.com/qemu-project/qemu/-/blob/master/tcg/aarch64/tcg-target.c.inc#L1091 +`t2 = t1 & ~(0xffffUL << s1);`. +The fix would be `t2 = t1 & ~(0xffffULL << s1);` + + +[lldb.log](/uploads/6a1d57eaecae4a375c6ada7384489876/lldb.log) +[qemu_segmentation.log](/uploads/e3c2d6d42291ff7d1ff8d37341e3da1d/qemu_segmentation.log) diff --git a/results/classifier/deepseek-r1:32b/output/runtime/95 b/results/classifier/deepseek-r1:32b/output/runtime/95 new file mode 100644 index 000000000..d69c86bbb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/95 @@ -0,0 +1,4 @@ + + + +linux-user mode can't handle guest setting a very small RLIMIT_AS (hangs running gnutls28, coreutils configure check code) diff --git a/results/classifier/deepseek-r1:32b/output/runtime/967 b/results/classifier/deepseek-r1:32b/output/runtime/967 new file mode 100644 index 000000000..ff15a3c46 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/runtime/967 @@ -0,0 +1,227 @@ + + + +qemu 6.2 user mode memory leak when mmap + munmap is called +Description of problem: +Launch a program with qemu user mode emulator, +If this program calls mmap to allocate 40GB virtual memory and call munmap to free it later, the memory const of qemu user mode emulator grows to a very big value. + +Excepted behavior: qemu-x86_64 costs very less memory after munmap is called. +Observed behavior: qemu-x86_64 costs around 2.5GiB after munmap is called. Most of the memory is consumed by [heap]. +Steps to reproduce: +1.Compile this code with g++. +```shell +g++ -o main.bin main.cpp +``` +```cpp +#include <chrono> +#include <cstdio> +#include <sys/types.h> +#include <unistd.h> +#include <cstdlib> +#include <sys/mman.h> + +#include <thread> + +static constexpr size_t pageSize = 4096; + +int main(){ + constexpr size_t size = 1024*100*pageSize*1000; + + void* data = mmap(nullptr, size, PROT_NONE, MAP_ANONYMOUS | MAP_PRIVATE, -1, 0); + + if(data == nullptr){ + perror("mmap failed"); + exit(1); + } + + int error = munmap(data, size); + + if(error !=0){ + perror("munmap failed"); + exit(1); + } + + + printf("mmap munmap test done\n"); + while(true){ + std::this_thread::sleep_for(std::chrono::seconds(10000)); + } + + return 0; +} +``` +2. run main.bin with qemu-x86_64 +```shell +$ qemu-x86_64 ./main.bin +mmap munmap test done +``` +3. check memory usage by top +``` +$ top -p `pgrep "qemu"` +top - 16:00:39 up 6:41, 1 user, load average: 0.08, 0.12, 0.10 +Tasks: 1 total, 0 running, 1 sleeping, 0 stopped, 0 zombie +%Cpu(s): 0.0 us, 0.0 sy, 0.0 ni,100.0 id, 0.0 wa, 0.0 hi, 0.0 si, 0.0 st +MiB Mem : 15969.1 total, 8249.3 free, 6048.2 used, 1671.5 buff/cache +MiB Swap: 2048.0 total, 1209.6 free, 838.4 used. 9544.3 avail Mem + + PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND + 38521 jcq 20 0 2634324 2.3g 7840 S 0.0 14.8 0:04.48 qemu-x86_64 +``` + +4. check memory usage by mmap. Heap is 5611ca5e0000-56125d125000, the size of heap is more than 2GiB. +```shell +$ cat /proc/38521/maps +4000000000-4000001000 r--p 00000000 00:35 49812 /mnt/hgfs/workspace/LearningProjects/CMakeLearn/src/main.bin +4000001000-4000002000 r--p 00001000 00:35 49812 /mnt/hgfs/workspace/LearningProjects/CMakeLearn/src/main.bin +4000002000-4000003000 r--p 00002000 00:35 49812 /mnt/hgfs/workspace/LearningProjects/CMakeLearn/src/main.bin +4000003000-4000004000 r--p 00002000 00:35 49812 /mnt/hgfs/workspace/LearningProjects/CMakeLearn/src/main.bin +4000004000-4000005000 rw-p 00003000 00:35 49812 /mnt/hgfs/workspace/LearningProjects/CMakeLearn/src/main.bin +4000005000-4000026000 rw-p 00000000 00:00 0 +4001005000-4001006000 ---p 00000000 00:00 0 +4001006000-4001806000 rw-p 00000000 00:00 0 +4001806000-400183d000 r--p 00000000 08:05 4456513 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 +400183d000-400183e000 ---p 00000000 00:00 0 +400183e000-4001840000 r--p 00037000 08:05 4456513 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 +4001840000-4001842000 rw-p 00039000 08:05 4456513 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 +4001842000-4001844000 rw-p 00000000 00:00 0 +4001863000-4001a78000 r--p 00000000 08:05 4456541 /usr/lib/x86_64-linux-gnu/libc.so.6 +4001a78000-4001a7c000 r--p 00214000 08:05 4456541 /usr/lib/x86_64-linux-gnu/libc.so.6 +4001a7c000-4001a7e000 rw-p 00218000 08:05 4456541 /usr/lib/x86_64-linux-gnu/libc.so.6 +4001a7e000-4001a8d000 rw-p 00000000 00:00 0 +5611c96af000-5611c9734000 r--p 00000000 08:05 4467878 /usr/bin/qemu-x86_64 +5611c9734000-5611c9885000 r-xp 00085000 08:05 4467878 /usr/bin/qemu-x86_64 +5611c9885000-5611c9901000 r--p 001d6000 08:05 4467878 /usr/bin/qemu-x86_64 +5611c9902000-5611c993c000 r--p 00252000 08:05 4467878 /usr/bin/qemu-x86_64 +5611c993c000-5611c9950000 rw-p 0028c000 08:05 4467878 /usr/bin/qemu-x86_64 +5611c9950000-5611c996e000 rw-p 00000000 00:00 0 +5611ca5e0000-56125d125000 rw-p 00000000 00:00 0 [heap] +7f2038000000-7f203ffff000 rwxp 00000000 00:00 0 +7f203ffff000-7f2040000000 ---p 00000000 00:00 0 +7f2040000000-7f2040021000 rw-p 00000000 00:00 0 +7f2040021000-7f2044000000 ---p 00000000 00:00 0 +7f2047def000-7f2047e70000 rw-p 00000000 00:00 0 +7f2047e70000-7f2047e71000 ---p 00000000 00:00 0 +7f2047e71000-7f2048676000 rw-p 00000000 00:00 0 +7f2048676000-7f2048678000 r--p 00000000 08:05 4456538 /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0 +7f2048678000-7f204867f000 r-xp 00002000 08:05 4456538 /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0 +7f204867f000-7f2048680000 r--p 00009000 08:05 4456538 /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0 +7f2048680000-7f2048681000 ---p 0000a000 08:05 4456538 /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0 +7f2048681000-7f2048682000 r--p 0000a000 08:05 4456538 /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0 +7f2048682000-7f2048683000 rw-p 0000b000 08:05 4456538 /usr/lib/x86_64-linux-gnu/libffi.so.8.1.0 +7f2048683000-7f204868d000 r--p 00000000 08:05 4457088 /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1 +7f204868d000-7f20486ec000 r-xp 0000a000 08:05 4457088 /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1 +7f20486ec000-7f2048703000 r--p 00069000 08:05 4457088 /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1 +7f2048703000-7f2048704000 r--p 0007f000 08:05 4457088 /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1 +7f2048704000-7f2048705000 rw-p 00080000 08:05 4457088 /usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1 +7f2048705000-7f204870d000 r--p 00000000 08:05 4461541 /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4 +7f204870d000-7f2048720000 r-xp 00008000 08:05 4461541 /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4 +7f2048720000-7f204874a000 r--p 0001b000 08:05 4461541 /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4 +7f204874a000-7f204874b000 ---p 00045000 08:05 4461541 /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4 +7f204874b000-7f204874c000 r--p 00045000 08:05 4461541 /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4 +7f204874c000-7f204874d000 rw-p 00046000 08:05 4461541 /usr/lib/x86_64-linux-gnu/libhogweed.so.6.4 +7f204874d000-7f2048757000 r--p 00000000 08:05 4464736 /usr/lib/x86_64-linux-gnu/libnettle.so.8.4 +7f2048757000-7f204877a000 r-xp 0000a000 08:05 4464736 /usr/lib/x86_64-linux-gnu/libnettle.so.8.4 +7f204877a000-7f2048790000 r--p 0002d000 08:05 4464736 /usr/lib/x86_64-linux-gnu/libnettle.so.8.4 +7f2048790000-7f2048792000 r--p 00042000 08:05 4464736 /usr/lib/x86_64-linux-gnu/libnettle.so.8.4 +7f2048792000-7f2048793000 rw-p 00044000 08:05 4464736 /usr/lib/x86_64-linux-gnu/libnettle.so.8.4 +7f2048793000-7f2048795000 rw-p 00000000 00:00 0 +7f2048795000-7f2048798000 r--p 00000000 08:05 4459610 /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2 +7f2048798000-7f20487a6000 r-xp 00003000 08:05 4459610 /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2 +7f20487a6000-7f20487aa000 r--p 00011000 08:05 4459610 /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2 +7f20487aa000-7f20487ab000 ---p 00015000 08:05 4459610 /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2 +7f20487ab000-7f20487ac000 r--p 00015000 08:05 4459610 /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2 +7f20487ac000-7f20487ad000 rw-p 00016000 08:05 4459610 /usr/lib/x86_64-linux-gnu/libtasn1.so.6.6.2 +7f20487ad000-7f20487be000 r--p 00000000 08:05 4460136 /usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0 +7f20487be000-7f20487f4000 r-xp 00011000 08:05 4460136 /usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0 +7f20487f4000-7f2048952000 r--p 00047000 08:05 4460136 /usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0 +7f2048952000-7f2048956000 r--p 001a5000 08:05 4460136 /usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0 +7f2048956000-7f2048957000 rw-p 001a9000 08:05 4460136 /usr/lib/x86_64-linux-gnu/libunistring.so.2.2.0 +7f2048957000-7f2048959000 r--p 00000000 08:05 4465922 /usr/lib/x86_64-linux-gnu/libidn2.so.0.3.7 +7f2048959000-7f204895d000 r-xp 00002000 08:05 4465922 /usr/lib/x86_64-linux-gnu/libidn2.so.0.3.7 +7f204895d000-7f2048976000 r--p 00006000 08:05 4465922 /usr/lib/x86_64-linux-gnu/libidn2.so.0.3.7 +7f2048976000-7f2048977000 r--p 0001e000 08:05 4465922 /usr/lib/x86_64-linux-gnu/libidn2.so.0.3.7 +7f2048977000-7f2048978000 rw-p 0001f000 08:05 4465922 /usr/lib/x86_64-linux-gnu/libidn2.so.0.3.7 +7f2048978000-7f20489a1000 r--p 00000000 08:05 4459606 /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0 +7f20489a1000-7f2048a45000 r-xp 00029000 08:05 4459606 /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0 +7f2048a45000-7f2048a9f000 r--p 000cd000 08:05 4459606 /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0 +7f2048a9f000-7f2048aa9000 r--p 00126000 08:05 4459606 /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0 +7f2048aa9000-7f2048ab3000 rw-p 00130000 08:05 4459606 /usr/lib/x86_64-linux-gnu/libp11-kit.so.0.3.0 +7f2048ab3000-7f2048ab5000 r--p 00000000 08:05 4456747 /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3 +7f2048ab5000-7f2048b0a000 r-xp 00002000 08:05 4456747 /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3 +7f2048b0a000-7f2048b27000 r--p 00057000 08:05 4456747 /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3 +7f2048b27000-7f2048b28000 r--p 00073000 08:05 4456747 /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3 +7f2048b28000-7f2048b29000 rw-p 00074000 08:05 4456747 /usr/lib/x86_64-linux-gnu/libpcre.so.3.13.3 +7f2048b29000-7f2048b51000 r--p 00000000 08:05 4456541 /usr/lib/x86_64-linux-gnu/libc.so.6 +7f2048b51000-7f2048ce6000 r-xp 00028000 08:05 4456541 /usr/lib/x86_64-linux-gnu/libc.so.6 +7f2048ce6000-7f2048d3e000 r--p 001bd000 08:05 4456541 /usr/lib/x86_64-linux-gnu/libc.so.6 +7f2048d3e000-7f2048d42000 r--p 00214000 08:05 4456541 /usr/lib/x86_64-linux-gnu/libc.so.6 +7f2048d42000-7f2048d44000 rw-p 00218000 08:05 4456541 /usr/lib/x86_64-linux-gnu/libc.so.6 +7f2048d44000-7f2048d53000 rw-p 00000000 00:00 0 +7f2048d53000-7f2048d56000 r--p 00000000 08:05 4457972 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 +7f2048d56000-7f2048d6d000 r-xp 00003000 08:05 4457972 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 +7f2048d6d000-7f2048d71000 r--p 0001a000 08:05 4457972 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 +7f2048d71000-7f2048d72000 r--p 0001d000 08:05 4457972 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 +7f2048d72000-7f2048d73000 rw-p 0001e000 08:05 4457972 /usr/lib/x86_64-linux-gnu/libgcc_s.so.1 +7f2048d73000-7f2048d81000 r--p 00000000 08:05 4456717 /usr/lib/x86_64-linux-gnu/libm.so.6 +7f2048d81000-7f2048dfd000 r-xp 0000e000 08:05 4456717 /usr/lib/x86_64-linux-gnu/libm.so.6 +7f2048dfd000-7f2048e58000 r--p 0008a000 08:05 4456717 /usr/lib/x86_64-linux-gnu/libm.so.6 +7f2048e58000-7f2048e59000 r--p 000e4000 08:05 4456717 /usr/lib/x86_64-linux-gnu/libm.so.6 +7f2048e59000-7f2048e5a000 rw-p 000e5000 08:05 4456717 /usr/lib/x86_64-linux-gnu/libm.so.6 +7f2048e5a000-7f2048e8b000 r--p 00000000 08:05 4456481 /usr/lib/x86_64-linux-gnu/libgnutls.so.30.31.0 +7f2048e8b000-7f2048fb4000 r-xp 00031000 08:05 4456481 /usr/lib/x86_64-linux-gnu/libgnutls.so.30.31.0 +7f2048fb4000-7f2049031000 r--p 0015a000 08:05 4456481 /usr/lib/x86_64-linux-gnu/libgnutls.so.30.31.0 +7f2049031000-7f2049041000 r--p 001d6000 08:05 4456481 /usr/lib/x86_64-linux-gnu/libgnutls.so.30.31.0 +7f2049041000-7f2049043000 rw-p 001e6000 08:05 4456481 /usr/lib/x86_64-linux-gnu/libgnutls.so.30.31.0 +7f2049043000-7f2049045000 rw-p 00000000 00:00 0 +7f2049045000-7f2049047000 r--p 00000000 08:05 4465165 /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.7200.0 +7f2049047000-7f2049049000 r-xp 00002000 08:05 4465165 /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.7200.0 +7f2049049000-7f204904a000 r--p 00004000 08:05 4465165 /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.7200.0 +7f204904a000-7f204904b000 r--p 00004000 08:05 4465165 /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.7200.0 +7f204904b000-7f204904c000 rw-p 00005000 08:05 4465165 /usr/lib/x86_64-linux-gnu/libgmodule-2.0.so.0.7200.0 +7f204904c000-7f2049069000 r--p 00000000 08:05 4465132 /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0 +7f2049069000-7f20490f8000 r-xp 0001d000 08:05 4465132 /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0 +7f20490f8000-7f2049182000 r--p 000ac000 08:05 4465132 /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0 +7f2049182000-7f2049183000 ---p 00136000 08:05 4465132 /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0 +7f2049183000-7f2049184000 r--p 00136000 08:05 4465132 /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0 +7f2049184000-7f2049185000 rw-p 00137000 08:05 4465132 /usr/lib/x86_64-linux-gnu/libglib-2.0.so.0.7200.0 +7f2049185000-7f2049186000 rw-p 00000000 00:00 0 +7f2049186000-7f2049188000 r--p 00000000 08:05 4463546 /usr/lib/x86_64-linux-gnu/liburing.so.2.1.0 +7f2049188000-7f204918a000 r-xp 00002000 08:05 4463546 /usr/lib/x86_64-linux-gnu/liburing.so.2.1.0 +7f204918a000-7f204918b000 r--p 00004000 08:05 4463546 /usr/lib/x86_64-linux-gnu/liburing.so.2.1.0 +7f204918b000-7f204918c000 r--p 00004000 08:05 4463546 /usr/lib/x86_64-linux-gnu/liburing.so.2.1.0 +7f204918c000-7f204918d000 rw-p 00005000 08:05 4463546 /usr/lib/x86_64-linux-gnu/liburing.so.2.1.0 +7f20491ac000-7f20491ae000 rw-p 00000000 00:00 0 +7f20491ae000-7f20491b0000 r--p 00000000 08:05 4456513 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 +7f20491b0000-7f20491da000 r-xp 00002000 08:05 4456513 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 +7f20491da000-7f20491e5000 r--p 0002c000 08:05 4456513 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 +7f20491e6000-7f20491e8000 r--p 00037000 08:05 4456513 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 +7f20491e8000-7f20491ea000 rw-p 00039000 08:05 4456513 /usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2 +7fffe17ee000-7fffe1810000 rw-p 00000000 00:00 0 [stack] +7fffe19d1000-7fffe19d5000 r--p 00000000 00:00 0 [vvar] +7fffe19d5000-7fffe19d7000 r-xp 00000000 00:00 0 [vdso] +ffffffffff600000-ffffffffff601000 --xp 00000000 00:00 0 [vsyscall] +``` +Additional information: +qemu is installed by ubuntu's apt. + +sudo apt install qemu-user + +compiler version: +``` +g++ --version +g++ (Ubuntu 11.2.0-19ubuntu1) 11.2.0 +Copyright (C) 2021 Free Software Foundation, Inc. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +``` + +libc version: +``` +ldd --version +ldd (Ubuntu GLIBC 2.35-0ubuntu3) 2.35 +Copyright (C) 2022 Free Software Foundation, Inc. +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +Written by Roland McGrath and Ulrich Drepper. +``` diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1007 b/results/classifier/deepseek-r1:32b/output/syscall/1007 new file mode 100644 index 000000000..d2ad3ea54 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1007 @@ -0,0 +1,4 @@ + + + +qemu-user: add execveat syscall support diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1012 b/results/classifier/deepseek-r1:32b/output/syscall/1012 new file mode 100644 index 000000000..6c3c897d5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1012 @@ -0,0 +1,44 @@ + + + +9p: newfstatat behaves differently than fstat causing ENOENT for here-documents +Description of problem: +After recent gnulib and coreutils update bash here-documents stopped to work producing `cat: -: No such file or directory` error. +Steps to reproduce: +1. I have file `a` with: +``` +cat <<EOF +x +EOF +``` +2. User visible error inside VM: +``` +root@x86_64:~# grep 9p /proc/mounts +/dev/root / 9p rw,dirsync,relatime,loose,access=any,msize=262144,trans=virtio 0 0 +root@x86_64:~# bash a +cat: -: No such file or directory +``` +3. `strace -fyv bash a` shows: +``` + [pid 291] newfstatat(1</dev/ttyS0>, "", {st_dev=makedev(0, 0x5), st_ino=85, st_mode=S_IFCHR|0600, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=0, st_rdev=makedev(0x4, 0x40), st_atime=1651577553 /* 2022-05-03T11:32:33.969984203+0000 */, +st_atime_nsec=969984203, st_mtime=1651577553 /* 2022-05-03T11:32:33.969984203+0000 */, st_mtime_nsec=969984203, st_ctime=1651577069 /* 2022-05-03T11:24:29.969984203+0000 */, st_ctime_nsec=969984203}, AT_EMPTY_PATH) = 0 + [pid 291] newfstatat(0</usr/src/tmp/sh-thd.420UUL (deleted)>, "", 0x7ffd1b96a3a0, AT_EMPTY_PATH) = -1 ENOENT (No such file or directory) + [pid 291] write(2</dev/ttyS0>, "cat: ", 5cat: ) = 5 + [pid 291] write(2</dev/ttyS0>, "-", 1-) = 1 + [pid 291] write(2</dev/ttyS0>, ": No such file or directory", 27: No such file or directory) = 27 + [pid 291] write(2</dev/ttyS0>, "\n", 1 +``` +Additional information: +In comparison, `strace -fyv bash a` in the old system w/o gnulib/coreutils update shows: +``` + [pid 283] fstat(1</dev/ttyS0>, {st_dev=makedev(0, 0x5), st_ino=85, st_mode=S_IFCHR|0600, st_nlink=1, st_uid=0, st_gid=0, st_blksize=4096, st_blocks=0, st_rdev=makedev(0x4, 0x40), st_atime=1651577784 /* 2022-05-03T11:36:24.238343204+0000 */, st_atime_nsec=238343204, +st_mtime=1651577784 /* 2022-05-03T11:36:24.238343204+0000 */, st_mtime_nsec=238343204, st_ctime=1651577774 /* 2022-05-03T11:36:14.238343204+0000 */, st_ctime_nsec=238343204}) = 0 + [pid 283] fstat(0</usr/src/tmp/sh-thd.3xuISC (deleted)>, {st_dev=makedev(0, 0x14), st_ino=17926519, st_mode=S_IFREG|0600, st_nlink=0, st_uid=502, st_gid=502, st_blksize=262144, st_blocks=0, st_size=2, st_atime=1651577786 /* 2022-05-03T11:36:26.295302472+0000 */, +st_atime_nsec=295302472, st_mtime=1651577785 /* 2022-05-03T11:36:25+0000 */, st_mtime_nsec=0, st_ctime=1651577785 /* 2022-05-03T11:36:25+0000 */, st_ctime_nsec=0}) = 0 + [pid 283] fadvise64(0</usr/src/tmp/sh-thd.3xuISC (deleted)>, 0, 0, POSIX_FADV_SEQUENTIAL) = 0 + [pid 283] mmap(NULL, 270336, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f715f13e000 + [pid 283] read(0</usr/src/tmp/sh-thd.3xuISC (deleted)>, "x\n", 262144) = 2 + [pid 283] write(1</dev/ttyS0>, "x\n", 2x +``` + +So it seems that they started to use `newfstatat` instead of `fstat`, which behaves differently. diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1076445 b/results/classifier/deepseek-r1:32b/output/syscall/1076445 new file mode 100644 index 000000000..39d32b76e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1076445 @@ -0,0 +1,48 @@ + + + +qemu-i386 fails on system(3) with a cross-toolchain from Buildroot + +qemu-i386 fails with small C program containing a system(). +The C program is cross-compiled with a toolchain created by buildroot (http://buildroot.net/), gcc version 4.6.3, uClibc version 0.9.33.2 . +qemu version 1.2.0 (built with http://git.buildroot.net/buildroot/tree/package/qemu/qemu.mk) +host machine : Ubuntu 12.04 LTS on x86_64. + + $ cat sys.c + #include <stdio.h> + #include <stdlib.h> + + int main() + { + int ret = system("echo hello"); + printf("%d\n", ret); + } + + $ ../../host/usr/bin/i686-buildroot-linux-uclibc-gcc -o sys sys.c + $ file sys + sys: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), not stripped + $ ../../host/usr/bin/qemu-i386 ./sys + -1 + +same problem with x86_64 : + $ ../../host/usr/bin/x86_64-buildroot-linux-uclibc-gcc -o sys sys.c + $ file sys + sys: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), not stripped + $ ../../host/usr/bin/qemu-x86_64 sys + -1 + +works fine with arm : + $ ../../host/usr/bin/arm-buildroot-linux-uclibcgnueabi-gcc -o sys sys.c + $ file sys + sys: ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), not stripped + $ ../../host/usr/bin/qemu-arm ./sys + hello + 0 + +works fine with mips : + $ ../../host/usr/bin/mips-buildroot-linux-uclibc-gcc -o sys sys.c + $ file sys + sys: ELF 32-bit MSB executable, MIPS, MIPS32 rel2 version 1 (SYSV), dynamically linked (uses shared libs), with unknown capability 0x41000000 = 0xf676e75, with unknown capability 0x10000 = 0x70403, not stripped + $ ../../host/usr/bin/qemu-mips sys + hello + 0 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1111 b/results/classifier/deepseek-r1:32b/output/syscall/1111 new file mode 100644 index 000000000..b0fbfb334 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1111 @@ -0,0 +1,21 @@ + + + +Calling FUTEX_LOCK_PI with qemu-x86_64-static caused ENOSYS error. +Description of problem: +When I executed the command "perf bench futex lock-pi" in amd64 docker image on s390x, I got the following error. +``` +perf: thread 2: Could not lock pi-lock for 0x40006c4480 (-1): Function not implemented +perf: thread 2: Could not lock pi-lock for 0x40006c4480 (-1): Function not implemented +perf: thread 2: Could not lock pi-lock for 0x40006c4480 (-1): Function not implemented +perf: thread 2: Could not lock pi-lock for 0x40006c4480 (-1): Function not implemented +``` + +I searched for this error message in the source code of perf-bench. I think that the following system call caused ENOSYS error. +` syscall(SYS_futex, uaddr, FUTEX_LOCK_PI | opflags, val, timeout, uaddr2, val3)` +Steps to reproduce: +1. Execute the command "perf bench futex lock-pi" in amd64 docker image on s390x +2. +3. +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/syscall/121 b/results/classifier/deepseek-r1:32b/output/syscall/121 new file mode 100644 index 000000000..74768dcb1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/121 @@ -0,0 +1,4 @@ + + + +multiprocess program gets incorrect results with qemu arm-linux-user diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1238 b/results/classifier/deepseek-r1:32b/output/syscall/1238 new file mode 100644 index 000000000..cd164940b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1238 @@ -0,0 +1,122 @@ + + + +qemu-mipsn32el and qemu-mipsn32 problems with coreutils-9*, fadvise64 or fallocate related? +Description of problem: +- Recently about 15 of the ca. 250 packages in our system set fail during `make install`. A typical error is +> `/usr/bin/install: error deallocating '/var/tmp/portage/sys-apps/groff-1.22.4/image/usr/bin/troff': Invalid argument` +- Given the timing and the involved binaries (most of the times `install`, but also `cp`), I suspect this was triggered by coreutils-9 +- The problem seems to only occur on ext4 (our release engineering box), but not on btrfs (my home development box) +- The problem seems to be limited to n32 (both big and little endian) + +Here's a run with strace functionality enabled: + +``` +dilfridge-mips64el-n32 /var/tmp/portage/sys-apps/groff-1.22.4/work/groff-1.22.4 # /usr/bin/qemu-mipsn32el -strace /usr/bin/install troff '/var/tmp/portage/sys-apps/groff-1.22.4/image/usr/bin' +3216 brk(NULL) = 0x40032000 +3216 mmap(NULL,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x3f7ba000 +3216 uname(0x3fffebb0) = 0 +3216 access("/etc/ld.so.preload",R_OK) = -1 errno=2 (No such file or directory) +3216 openat(AT_FDCWD,"/etc/ld.so.cache",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3 +3216 statx(3,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3fffe280) = 0 +3216 mmap(NULL,11294,PROT_READ,MAP_PRIVATE,3,0) = 0x3f7b7000 +3216 close(3) = 0 +3216 openat(AT_FDCWD,"/lib32/libacl.so.1",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3 +3216 read(3,0x3fffe4c4,512) = 512 +3216 statx(3,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3fffe220) = 0 +3216 mmap(NULL,197008,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x3f786000 +3216 mmap(0x3f790000,131472,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0) = 0x3f790000 +3216 munmap(0x3f786000,40960) = 0 +3216 munmap(0x3f7b1000,20880) = 0 +3216 mprotect(0x3f797000,98304,PROT_NONE) = 0 +3216 mmap(0x3f7af000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0xf000) = 0x3f7af000 +3216 close(3) = 0 +3216 openat(AT_FDCWD,"/lib32/libattr.so.1",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3 +3216 read(3,0x3fffe4b4,512) = 512 +3216 statx(3,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3fffe210) = 0 +3216 mmap(NULL,196864,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x3f75f000 +3216 mmap(0x3f760000,131328,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0) = 0x3f760000 +3216 munmap(0x3f75f000,4096) = 0 +3216 munmap(0x3f781000,57600) = 0 +3216 mprotect(0x3f764000,110592,PROT_NONE) = 0 +3216 mmap(0x3f77f000,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0xf000) = 0x3f77f000 +3216 close(3) = 0 +3216 openat(AT_FDCWD,"/lib32/libc.so.6",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3 +3216 read(3,0x3fffe4a4,512) = 512 +3216 pread64(3,1073734640,32,34504,1065377824,0) = 32 +3216 statx(3,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3fffe200) = 0 +3216 mmap(NULL,2056864,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x3f569000 +3216 mmap(0x3f570000,1991328,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0) = 0x3f570000 +3216 munmap(0x3f569000,28672) = 0 +3216 munmap(0x3f757000,33440) = 0 +3216 mprotect(0x3f73c000,61440,PROT_NONE) = 0 +3216 mmap(0x3f74b000,28672,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0x1cb000) = 0x3f74b000 +3216 mmap(0x3f752000,17056,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x3f752000 +3216 close(3) = 0 +3216 mmap(NULL,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x3f569000 +3216 set_thread_area(0x3f570580) = 0 +3216 set_tid_address(1062637704,1065348616,1065377824,0,-1,0) = 3216 +3216 set_robust_list(1062637712,12,1065377824,0,-1,0) = -1 errno=89 (Function not implemented) +3216 Unknown syscall 6331 +3216 mprotect(0x3f74b000,16384,PROT_READ) = 0 +3216 mprotect(0x3f77f000,4096,PROT_READ) = 0 +3216 mprotect(0x3f7af000,4096,PROT_READ) = 0 +3216 mprotect(0x4002e000,4096,PROT_READ) = 0 +3216 mprotect(0x3f7fc000,8192,PROT_READ) = 0 +3216 getrlimit(3,1073737152,1064664656,1062638996,1064337736,1064664656) = 0 +3216 munmap(0x3f7b7000,11294) = 0 +3216 getrandom(1064649956,4,1,1064337736,2130640639,1077952576) = 4 +3216 brk(NULL) = 0x40032000 +3216 brk(0x40053000) = 0x40053000 +3216 brk(0x40054000) = 0x40054000 +3216 openat(AT_FDCWD,"/usr/lib/locale/locale-archive",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3 +3216 statx(3,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3fffed58) = 0 +3216 mmap(NULL,2097152,PROT_READ,MAP_PRIVATE,3,0) = 0x3f369000 +3216 close(3) = 0 +3216 geteuid() = 0 +3216 umask(0) = 18 +3216 openat(AT_FDCWD,"/var/tmp/portage/sys-apps/groff-1.22.4/image/usr/bin",O_RDONLY|O_DIRECTORY|O_LARGEFILE|O_PATH) = 3 +3216 statx(AT_FDCWD,"troff",AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3fffe998) = 0 +3216 statx(3,"troff",AT_NO_AUTOMOUNT|AT_SYMLINK_NOFOLLOW,STATX_BASIC_STATS,0x3fffe998) = 0 +3216 unlinkat(3,"troff",0) = 0 +3216 openat(AT_FDCWD,"troff",O_RDONLY|O_LARGEFILE) = 4 +3216 statx(4,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3fffe998) = 0 +3216 openat(3,"troff",O_WRONLY|O_CREAT|O_EXCL|O_LARGEFILE,0600) = 5 +3216 ioctl(5,FICLONE,4) = -1 errno=122 (Operation not supported) +3216 statx(5,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3fffe998) = 0 +3216 lseek(4,0,SEEK_DATA) = 0 +3216 fadvise64(4,0,0,2,1664557525,0) = -1 errno=22 (Invalid argument) +3216 lseek(4,0,SEEK_HOLE) = 716800 +3216 lseek(4,0,SEEK_SET) = 0 +3216 mmap(NULL,139264,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x3f347000 +3216 read(4,0x3f348000,131072) = 131072 +3216 write(5,0x3f348000,122880) = 122880 +3216 read(4,0x3f348000,131072) = 131072 +3216 lseek(5,12288,SEEK_CUR) = 135168 +3216 fallocate(5,FALLOC_FL_KEEP_SIZE|FALLOC_FL_PUNCH_HOLE,122880,4290510848) = -1 errno=22 (Invalid argument) +3216 openat(AT_FDCWD,"/usr/share/locale/locale.alias",O_RDONLY|O_CLOEXEC) = 6 +3216 statx(6,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x3fffe2c8) = 0 +3216 read(6,0x400333a0,4096) = 2998 +3216 read(6,0x400333a0,4096) = 0 +3216 close(6) = 0 +3216 openat(AT_FDCWD,"/usr/share/locale/C.UTF-8/LC_MESSAGES/coreutils.mo",O_RDONLY) = -1 errno=2 (No such file or directory) +3216 openat(AT_FDCWD,"/usr/share/locale/C.utf8/LC_MESSAGES/coreutils.mo",O_RDONLY) = -1 errno=2 (No such file or directory) +3216 openat(AT_FDCWD,"/usr/share/locale/C/LC_MESSAGES/coreutils.mo",O_RDONLY) = -1 errno=2 (No such file or directory) +3216 write(2,0x3fffc888,18)/usr/bin/install: = 18 +3216 write(2,0x3fffc8b8,79)error deallocating '/var/tmp/portage/sys-apps/groff-1.22.4/image/usr/bin/troff' = 79 +3216 openat(AT_FDCWD,"/usr/share/locale/C.UTF-8/LC_MESSAGES/libc.mo",O_RDONLY) = -1 errno=2 (No such file or directory) +3216 openat(AT_FDCWD,"/usr/share/locale/C.utf8/LC_MESSAGES/libc.mo",O_RDONLY) = -1 errno=2 (No such file or directory) +3216 openat(AT_FDCWD,"/usr/share/locale/C/LC_MESSAGES/libc.mo",O_RDONLY) = -1 errno=2 (No such file or directory) +3216 write(2,0x3fffc428,18): Invalid argument = 18 +3216 write(2,0x3fffc858,1) + = 1 +3216 close(5) = 0 +3216 close(4) = 0 +3216 munmap(0x3f347000,139264) = 0 +3216 lseek(0,0,SEEK_CUR) = -1 errno=29 (Illegal seek) +3216 close(0) = 0 +3216 close(1) = 0 +3216 close(2)dilfridge-mips64el-n32 /var/tmp/portage/sys-apps/groff-1.22.4/work/groff-1.22.4 # +``` + +More information and debugging on request. Any advice is appreciated. diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1261 b/results/classifier/deepseek-r1:32b/output/syscall/1261 new file mode 100644 index 000000000..a19a401fc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1261 @@ -0,0 +1,28 @@ + + + +qemu-user syscall 439 (faccessat2) not implemented - loongarch64 +Description of problem: +On LoongArch64 architecture faccessat syscall is missing and only faccessat2 is present, but it is not handled in linux-user/syscall +Steps to reproduce: +1. Launch a simple bash test script (call it test.sh): if [[ -r test.sh ]] ; then echo OK ; else echo ERROR ; fi +2. The result is "ERROR" even if the file "test.sh" exists and it is readeable +3. The correct result should be "OK" +Additional information: +test.sh: + ``` + if [[ -r test.sh ]] ; then echo OK ; else echo ERROR ; fi + ``` +qemu-loongarch -strace log: + ``` +[...] +12579 statx(255,"",AT_EMPTY_PATH|AT_NO_AUTOMOUNT,STATX_BASIC_STATS,0x0000004000802a50) = 0 +12579 lseek(255,0,SEEK_CUR) = 0 +12579 read(255,0x2016d490,56) = 56 +12579 Unknown syscall 439 +12579 write(1,0x20172010,6) = 6 +12579 read(255,0x2016d490,56) = 0 +12579 rt_sigprocmask(SIG_BLOCK,0x0000004000802b60,0x0000004000802be0) = 0 +12579 rt_sigprocmask(SIG_SETMASK,0x0000004000802be0,NULL) = 0 +12579 exit_group(0) + ``` diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1319100 b/results/classifier/deepseek-r1:32b/output/syscall/1319100 new file mode 100644 index 000000000..65028a4f0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1319100 @@ -0,0 +1,72 @@ + + + +qemu-arm-static bug in signal handling causes mono and java to hang + +Note, this bug is already reported to debian, but it seems to also affect the upstream code. +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=748043 + +running mono in a chroot environment with qemu-user-static is not posible +because at least one signal used during termination of mono is routed to the +host. + +This can be reproduced by: +debootstrap --include=mono-runtime --foreign --arch=armel "wheezy" "mono-test" "http://ftp.de.debian.org//debian" +cp /usr/bin/qemu-arm-static mono-test/usr/bin +mount -t proc none mono-test/proc +mount -o bind /dev mono-test/dev +mount -o bind /sys mono-test/sys +chroot mono-test +../debootstrap/debootstrap --second-stage +exit +mount -t proc none mono-test/proc +mount -o bind /sys mono-test/sys +chroot mono-test +QEMU_STRACE=1 /usr/bin/mono /usr/lib/mono/4.0/gacutil.exe + +This will block on a futex: + +--8<-- +18663 sched_yield(0,0,2582980,0,0,2582928) = 0 +18663 clock_gettime(1,-150996384,2,1,2585016,2585600) = 0 +18663 tgkill(18663,18664,30,18664,30,-161951744) = 0 +18663 futex(0x00293774,FUTEX_PRIVATE_FLAG|FUTEX_WAIT,0,NULL,NULL,0) +--8<-- + +If you use mono within strace on a native x86 box you can see, that signals +between threads are used during termination: + +strace -f -o log.txt /usr/bin/mono /usr/lib/mono/4.0/gacutil.exe + +--8<-- +14075 sched_yield() = 0 +14075 tgkill(14075, 14083, SIGPWR) = 0 +14075 futex(0x983f00, FUTEX_WAIT_PRIVATE, 0, NULL <unfinished ...> +14083 <... futex resumed> ) = ? ERESTARTSYS (To be restarted) +14083 --- SIGPWR (Power failure) @ 0 (0) --- +14083 futex(0x983f00, FUTEX_WAKE_PRIVATE, 1) = 1 +14075 <... futex resumed> ) = 0 +14083 rt_sigsuspend(~[INT QUIT ABRT TERM XCPU RTMIN RT_1] <unfinished ...> +14075 futex(0x94d9a4, FUTEX_CMP_REQUEUE_PRIVATE, 1, 2147483647, 0x94da20, 24) = 3 +14078 <... futex resumed> ) = 0 +14078 futex(0x94da20, FUTEX_WAKE_PRIVATE, 1) = 1 +14077 <... futex resumed> ) = 0 +14075 futex(0x94d9a4, FUTEX_CMP_REQUEUE_PRIVATE, 1, 2147483647, 0x94da20, 26 <unfinished ...> +--8<-- + +This also blocks the installation of libnunit2.6-cil within a armel chroot, +because it uses mono in its postinst script. +E.g. (/usr/bin/mono /usr/share/mono/MonoGetAssemblyName.exe /usr/lib/cli/nunit.core-2.6/nunit.core.dll) + +Obviously the same as described in: +http://lists.opensuse.org/opensuse-arm/2011-12/msg00000.html +is happening here. + +There is an openSuSE patch against qemu: +https://build.opensuse.org/package/view_file/Virtualization:Qemu/qemu/0002-XXX-work-around-SA_RESTART-race-wit.patch?expand=1 + +This patch also applies against qemu from backports-wheezy and resolves this +issue. + +As it seems, that this issue is not Debian specific i will also report it to +the qemu project and reference this bug report. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1356916 b/results/classifier/deepseek-r1:32b/output/syscall/1356916 new file mode 100644 index 000000000..79e79640f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1356916 @@ -0,0 +1,9 @@ + + + +Too small argv limit + +Current kernels don't have a fixed argv/environ limit any more, but the user-space emulation of qemu is still using a fixed limit. This can cause execve to fail when it wouldn't on a real system. For example, the follwing command should not fail in the emulated environment: + +$ /bin/true $(yes | head -n 100000) +-bash: /bin/true: Argument list too long \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1457275 b/results/classifier/deepseek-r1:32b/output/syscall/1457275 new file mode 100644 index 000000000..c4c233a02 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1457275 @@ -0,0 +1,108 @@ + + + +qemu-user hangs in m{,un}map loop + +Gentoo amd64 there, tried both 2.3.0 and eba05e922e8e7f307bc5d4104a78797e55124e97 versions of qemu. Reproduces with qemu-x86_64 as well. + +∞ strace qemu-arm bin/true 2>&1| head -n 100 +execve("/usr/bin/qemu-arm", ["qemu-arm", "bin/true"], [/* 49 vars */]) = 0 +uname({sysname="Linux", nodename="l29ah-home", ...}) = 0 +brk(0) = 0x62a4d070 +brk(0x62a4e2b0) = 0x62a4e2b0 +arch_prctl(ARCH_SET_FS, 0x62a4d980) = 0 +set_tid_address(0x62a4dc50) = 7841 +set_robust_list(0x62a4dc60, 24) = 0 +rt_sigaction(SIGRTMIN, {0x6011bd10, [], SA_RESTORER|SA_SIGINFO, 0x60122710}, NULL, 8) = 0 +rt_sigaction(SIGRT_1, {0x6011bda0, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x60122710}, NULL, 8) = 0 +rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 +getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 +readlink("/proc/self/exe", "/usr/bin/qemu-arm", 4096) = 17 +brk(0x62a6f2b0) = 0x62a6f2b0 +brk(0x62a70000) = 0x62a70000 +rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 +mmap(NULL, 8392704, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x2c951ff9000 +mprotect(0x2c951ff9000, 4096, PROT_NONE) = 0 +clone(child_stack=0x2c9527f8df0, flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, parent_tidptr=0x2c9527f99d0, tls=0x2c9527f9700, child_tidptr=0x2c9527f99d0) = 7842 +rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 +gettimeofday({1432174351, 569148}, NULL) = 0 +getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 +time(NULL) = 1432174351 +openat(AT_FDCWD, "/usr/gnemul/qemu-arm", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = -1 ENOENT (No such file or directory) +uname({sysname="Linux", nodename="l29ah-home", ...}) = 0 +mprotect(0x60519000, 33558528, PROT_READ|PROT_WRITE|PROT_EXEC) = 0 +madvise(0x605190b0, 33554432, MADV_HUGEPAGE) = -1 EINVAL (Invalid argument) +mmap(NULL, 50331648, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c94eff9000 +brk(0x62a91000) = 0x62a91000 +mmap(NULL, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0x1000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0x2000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0x3000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0x4000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0x5000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0x6000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0x7000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0x8000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0x9000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0xa000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0xb000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0xc000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0xd000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0xe000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0xf000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0x10000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 +mmap(0x11000, 4143972352, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_NORESERVE, -1, 0) = 0x2c857ff9000 +mmap(0x2c957fe9000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x2c857ff8000 +munmap(0x2c857ff8000, 4096) = 0 +munmap(0x2c857ff9000, 4143972352) = 0 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1462640 b/results/classifier/deepseek-r1:32b/output/syscall/1462640 new file mode 100644 index 000000000..b4e114a60 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1462640 @@ -0,0 +1,38 @@ + + + +shmat fails on 32-to-64 setup + + +I am trying to run a guest mips32 program (user mode) on a x86_64 host. The program fails on a call to shmat() reproducibly. when digging into this problem, I could make a small guest POC that fails when compiled as i386 (-m32) running on a x86_64 host, but pass when compiled as 64bit. The problem has to do with mmap flags. + +From what I can understand, when running 32bits guests programs, qemu reserve the whole guest virtual space with an mmap call. That mmap call specifys MAP:PRIVATE flag. When shmat is called, it tries to make part of that region MAP_SHARED and that fails. + +As a possible fix, it looks like it is possible to first unmap the shm region before calling shmat. + +steps to reproduce: +1 - create a file shm.c with content below +2 - compile with: gcc -m32 shm.c -o shm32 +3 - run on a x86_64 host: qemu-i386 ./shm32 +4 - observe shmat fails, by returning ptr -1 + +5- compile without -m32: : gcc shm.c -o shm64 +6 - observe it pass: qemu-x84_64 ./shm64 + + + +#include <sys/ipc.h> +#include <sys/shm.h> +#include <sys/mman.h> +#include <stdio.h> + +int main() +{ + struct shmid_ds shm_desc; + int err = 0; + int id = shmget(IPC_PRIVATE, 688128, IPC_CREAT|IPC_EXCL|0666); + err = shmctl(id, IPC_STAT, &shm_desc); + const void *at = 0x7f7df38ea000; + void* ptr = shmat(id, at, 0); + printf( "got err %d, ptr %p\n", err, ptr ); +} \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1470170 b/results/classifier/deepseek-r1:32b/output/syscall/1470170 new file mode 100644 index 000000000..4204668d8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1470170 @@ -0,0 +1,43 @@ + + + +Unsupported syscalls 370 and 355 + +Qemu seems to be missing syscalls 370 and 355 when running qemu usermode arm. These are used by systemd or some similar new package. This can be detected by creating an debian sid armhf with qemu debootstrap. When the system is launched with "systemd-nspawn -bD sid-arm" this happens (newest git as of today): + +pawning container sid-arm on /home/jpakkane/qemutest/sid-arm. +Press ^] three times within 1s to kill container. +Failed to create directory /home/jpakkane/qemutest/sid-arm//sys/fs/selinux: Read-only file system +Failed to create directory /home/jpakkane/qemutest/sid-arm//sys/fs/selinux: Read-only file system +/etc/localtime is not a symlink, not updating container timezone. +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 384 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +qemu: Unsupported syscall: 370 +systemd 221 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT -GNUTLS +ACL +XZ -LZ4 +SECCOMP +BLKID -ELFUTILS +KMOD -IDN) +Detected virtualization systemd-nspawn. +Detected architecture arm. + +Welcome to Debian GNU/Linux stretch/sid! + +Set hostname to <manos>. +qemu: Unsupported syscall: 355 +Failed to allocate manager object: Function not implemented +[!!!!!!] Failed to allocate manager object, freezing. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1494 b/results/classifier/deepseek-r1:32b/output/syscall/1494 new file mode 100644 index 000000000..38369c1ad --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1494 @@ -0,0 +1,935 @@ + + + +[regression] [bisected] [coredump] qemu-x86_64 segfaults on ppc64le (4K page size) when downloading go dependencies: unexpected fault address 0x0 +Description of problem: +qemu-x86_64 segfaults when trying to compile yay inside an Arch Linux x86_64 chroot from a Gentoo Linux ppc64le (4K page size) host. Hardware is a Raptor CS Talos 2 Power 9. + +It works with qemu-7.2 so this is a regression in git master (or less likely with the patch). + +``` +[niko@talos2 yay]$ makepkg -s +==> Making package: yay 11.3.2-1 (Wed 15 Feb 2023 05:03:01 PM CET) +==> Checking runtime dependencies... +==> Checking buildtime dependencies... +==> Retrieving sources... + -> Found yay-11.3.2.tar.gz +==> Validating source files with sha256sums... + yay-11.3.2.tar.gz ... Passed +==> Extracting sources... + -> Extracting yay-11.3.2.tar.gz with bsdtar +==> Removing existing $pkgdir/ directory... +==> Starting build()... +go build -trimpath -mod=readonly -modcacherw -ldflags '-X "main.yayVersion=11.3.2" -X "main.localePath=/usr/share/locale/" -linkmode=external' -buildmode=pie -o yay +go: downloading github.com/Jguer/votar v1.0.0 +go: downloading github.com/Jguer/aur v1.0.1 +go: downloading github.com/Jguer/go-alpm/v2 v2.1.2 +go: downloading github.com/Morganamilo/go-pacmanconf v0.0.0-20210502114700-cff030e927a5 +go: downloading golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab +go: downloading github.com/Morganamilo/go-srcinfo v1.0.0 +go: downloading golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 +go: downloading github.com/leonelquinteros/gotext v1.5.0 +go: downloading github.com/adrg/strutil v0.3.0 +go: downloading golang.org/x/text v0.3.7 +make: *** [Makefile:113: yay] Illegal instruction (core dumped) +``` + +``` +[niko@talos2 yay]$ makepkg -s +==> Making package: yay 11.3.2-1 (Wed 15 Feb 2023 05:10:01 PM CET) +==> Checking runtime dependencies... +==> Checking buildtime dependencies... +==> Retrieving sources... + -> Found yay-11.3.2.tar.gz +==> Validating source files with sha256sums... + yay-11.3.2.tar.gz ... Passed +==> Extracting sources... + -> Extracting yay-11.3.2.tar.gz with bsdtar +==> Starting build()... +go build -trimpath -mod=readonly -modcacherw -ldflags '-X "main.yayVersion=11.3.2" -X "main.localePath=/usr/share/locale/" -linkmode=external' -buildmode=pie -o yay +go: downloading github.com/Jguer/votar v1.0.0 +go: downloading github.com/Jguer/go-alpm/v2 v2.1.2 +go: downloading github.com/Morganamilo/go-srcinfo v1.0.0 +go: downloading github.com/Jguer/aur v1.0.1 +go: downloading github.com/leonelquinteros/gotext v1.5.0 +go: downloading github.com/Morganamilo/go-pacmanconf v0.0.0-20210502114700-cff030e927a5 +go: downloading golang.org/x/term v0.0.0-20220722155259-a9ba230a4035 +go: downloading github.com/adrg/strutil v0.3.0 +go: downloading golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab +go: downloading golang.org/x/text v0.3.7 +# math/bits +unexpected fault address 0x0 +fatal error: fault +[signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0xabb70a] + +goroutine 4 [running]: +runtime.throw({0xdbf491?, 0x1?}) + /usr/lib/go/src/runtime/panic.go:1047 +0x5d fp=0xc0001d7750 sp=0xc0001d7720 pc=0x4389fd +runtime.sigpanic() + /usr/lib/go/src/runtime/signal_unix.go:851 +0x28a fp=0xc0001d77b0 sp=0xc0001d7750 pc=0x44f4ea +cmd/compile/internal/ssa.ValHeap.Less({{0xc0001ae1c0, 0x4, 0x8}, {0xc0001de700, 0x28, 0x100}}, 0x8?, 0xc0001de700?) + /usr/lib/go/src/cmd/compile/internal/ssa/schedule.go:59 +0xaa fp=0xc0001d77e0 sp=0xc0001d77b0 pc=0xabb70a +cmd/compile/internal/ssa.(*ValHeap).Less(0x4?, 0x8?, 0xc0001de700?) + <autogenerated>:1 +0x77 fp=0xc0001d7860 sp=0xc0001d77e0 pc=0xad7677 +container/heap.up({0xf24240, 0xc00019eb40}, 0xc00081b370?) + /usr/lib/go/src/container/heap/heap.go:92 +0x7e fp=0xc0001d7898 sp=0xc0001d7860 pc=0x7024de +container/heap.Push({0xf24240, 0xc00019eb40}, {0xdb1f80?, 0xc00081b370?}) + /usr/lib/go/src/container/heap/heap.go:53 +0x5a fp=0xc0001d78c0 sp=0xc0001d7898 pc=0x7022da +cmd/compile/internal/ssa.schedule(0xc0004ea000) + /usr/lib/go/src/cmd/compile/internal/ssa/schedule.go:349 +0x151c fp=0xc0001d7eb0 sp=0xc0001d78c0 pc=0xabcd9c +cmd/compile/internal/ssa.Compile(0xc0004ea000) + /usr/lib/go/src/cmd/compile/internal/ssa/compile.go:97 +0x963 fp=0xc0001dbb68 sp=0xc0001d7eb0 pc=0x76bc43 +cmd/compile/internal/ssagen.buildssa(0xc00071b540, 0x2) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:572 +0x2027 fp=0xc0001dbea8 sp=0xc0001dbb68 pc=0xaf0527 +cmd/compile/internal/ssagen.Compile(0xc00071b540, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:185 +0x4c fp=0xc0001dbf70 sp=0xc0001dbea8 pc=0xae796c +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc0001dbfb0 sp=0xc0001dbf70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc0001dbfe0 sp=0xc0001dbfb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0001dbfe8 sp=0xc0001dbfe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 + +goroutine 1 [semacquire]: +runtime.gopark(0xc0000062e8?, 0xc00019a050?, 0x0?, 0xa0?, 0x4027dba128?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc0005ad968 sp=0xc0005ad948 pc=0x43b716 +runtime.goparkunlock(...) + /usr/lib/go/src/runtime/proc.go:387 +runtime.semacquire1(0xc0008c4768, 0x20?, 0x1, 0x0, 0x0?) + /usr/lib/go/src/runtime/sema.go:160 +0x20f fp=0xc0005ad9d0 sp=0xc0005ad968 pc=0x44c9af +sync.runtime_Semacquire(0xc0008b8000?) + /usr/lib/go/src/runtime/sema.go:62 +0x27 fp=0xc0005ada08 sp=0xc0005ad9d0 pc=0x46a6e7 +sync.(*WaitGroup).Wait(0xc000659800?) + /usr/lib/go/src/sync/waitgroup.go:116 +0x4b fp=0xc0005ada30 sp=0xc0005ada08 pc=0x487deb +cmd/compile/internal/gc.compileFunctions() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:183 +0x235 fp=0xc0005ada88 sp=0xc0005ada30 pc=0xcc6675 +cmd/compile/internal/gc.Main(0xdf8e28) + /usr/lib/go/src/cmd/compile/internal/gc/main.go:332 +0x13aa fp=0xc0005adf20 sp=0xc0005ada88 pc=0xcc86aa +main.main() + /usr/lib/go/src/cmd/compile/main.go:57 +0xdd fp=0xc0005adf80 sp=0xc0005adf20 pc=0xcf00bd +runtime.main() + /usr/lib/go/src/runtime/proc.go:250 +0x207 fp=0xc0005adfe0 sp=0xc0005adf80 pc=0x43b2e7 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0005adfe8 sp=0xc0005adfe0 pc=0x46e201 + +goroutine 2 [force gc (idle)]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc00009afb0 sp=0xc00009af90 pc=0x43b716 +runtime.goparkunlock(...) + /usr/lib/go/src/runtime/proc.go:387 +runtime.forcegchelper() + /usr/lib/go/src/runtime/proc.go:305 +0xb0 fp=0xc00009afe0 sp=0xc00009afb0 pc=0x43b550 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00009afe8 sp=0xc00009afe0 pc=0x46e201 +created by runtime.init.6 + /usr/lib/go/src/runtime/proc.go:293 +0x25 + +goroutine 17 [GC sweep wait]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc000096780 sp=0xc000096760 pc=0x43b716 +runtime.goparkunlock(...) + /usr/lib/go/src/runtime/proc.go:387 +runtime.bgsweep(0x0?) + /usr/lib/go/src/runtime/mgcsweep.go:278 +0x8e fp=0xc0000967c8 sp=0xc000096780 pc=0x425cce +runtime.gcenable.func1() + /usr/lib/go/src/runtime/mgc.go:178 +0x26 fp=0xc0000967e0 sp=0xc0000967c8 pc=0x41aee6 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000967e8 sp=0xc0000967e0 pc=0x46e201 +created by runtime.gcenable + /usr/lib/go/src/runtime/mgc.go:178 +0x6b + +goroutine 18 [GC scavenge wait]: +runtime.gopark(0xc000194000?, 0xf1ad58?, 0x1?, 0x0?, 0x0?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc000096f70 sp=0xc000096f50 pc=0x43b716 +runtime.goparkunlock(...) + /usr/lib/go/src/runtime/proc.go:387 +runtime.(*scavengerState).park(0x1487ce0) + /usr/lib/go/src/runtime/mgcscavenge.go:400 +0x53 fp=0xc000096fa0 sp=0xc000096f70 pc=0x423c13 +runtime.bgscavenge(0x0?) + /usr/lib/go/src/runtime/mgcscavenge.go:628 +0x45 fp=0xc000096fc8 sp=0xc000096fa0 pc=0x4241e5 +runtime.gcenable.func2() + /usr/lib/go/src/runtime/mgc.go:179 +0x26 fp=0xc000096fe0 sp=0xc000096fc8 pc=0x41ae86 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000096fe8 sp=0xc000096fe0 pc=0x46e201 +created by runtime.gcenable + /usr/lib/go/src/runtime/mgc.go:179 +0xaa + +goroutine 33 [finalizer wait]: +runtime.gopark(0x43ba92?, 0x4027cf9f48?, 0x0?, 0x0?, 0xc00009a770?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc00009a628 sp=0xc00009a608 pc=0x43b716 +runtime.runfinq() + /usr/lib/go/src/runtime/mfinal.go:193 +0x107 fp=0xc00009a7e0 sp=0xc00009a628 pc=0x419f27 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00009a7e8 sp=0xc00009a7e0 pc=0x46e201 +created by runtime.createfing + /usr/lib/go/src/runtime/mfinal.go:163 +0x45 + +goroutine 49 [select]: +runtime.gopark(0xc0004e6fb0?, 0x2?, 0xf0?, 0x6d?, 0xc0004e6f6c?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc0004e6da0 sp=0xc0004e6d80 pc=0x43b716 +runtime.selectgo(0xc0004e6fb0, 0xc0004e6f68, 0xc000504000?, 0x0, 0xd26040?, 0x1) + /usr/lib/go/src/runtime/select.go:327 +0x7be fp=0xc0004e6ee0 sp=0xc0004e6da0 pc=0x44b8be +cmd/compile/internal/gc.compileFunctions.func3() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:141 +0x132 fp=0xc0004e6fe0 sp=0xc0004e6ee0 pc=0xcc6a12 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0004e6fe8 sp=0xc0004e6fe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:134 +0xf8 + +goroutine 3 [runnable]: +runtime.asyncPreempt2() + /usr/lib/go/src/runtime/preempt.go:307 +0x3f fp=0xc0004f7858 sp=0xc0004f7838 pc=0x439e1f +runtime.asyncPreempt() + /usr/lib/go/src/runtime/preempt_amd64.s:53 +0xdb fp=0xc0004f79e0 sp=0xc0004f7858 pc=0x46f85b +cmd/compile/internal/ssa.is64BitInt(0xc000141480) + /usr/lib/go/src/cmd/compile/internal/ssa/rewrite.go:218 +0xa fp=0xc0004f79e8 sp=0xc0004f79e0 pc=0x7e2e8a +cmd/compile/internal/ssa.rewriteValueAMD64_OpLoad(0xc00086a458) + /usr/lib/go/src/cmd/compile/internal/ssa/rewriteAMD64.go:29312 +0x51 fp=0xc0004f7a28 sp=0xc0004f79e8 pc=0x884911 +cmd/compile/internal/ssa.rewriteValueAMD64(0xc00089f678?) + /usr/lib/go/src/cmd/compile/internal/ssa/rewriteAMD64.go:838 +0x31be fp=0xc0004f7a48 sp=0xc0004f7a28 pc=0x819bbe +cmd/compile/internal/ssa.applyRewrite(0xc0001b2000, 0xdf92a8, 0xdf9348, 0x1) + /usr/lib/go/src/cmd/compile/internal/ssa/rewrite.go:133 +0x1016 fp=0xc0004f7e80 sp=0xc0004f7a48 pc=0x7e27d6 +cmd/compile/internal/ssa.lower(0xc0001b2000?) + /usr/lib/go/src/cmd/compile/internal/ssa/lower.go:10 +0x2f fp=0xc0004f7eb0 sp=0xc0004f7e80 pc=0x7b4c4f +cmd/compile/internal/ssa.Compile(0xc0001b2000) + /usr/lib/go/src/cmd/compile/internal/ssa/compile.go:97 +0x963 fp=0xc0004fbb68 sp=0xc0004f7eb0 pc=0x76bc43 +cmd/compile/internal/ssagen.buildssa(0xc00071b900, 0x3) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:572 +0x2027 fp=0xc0004fbea8 sp=0xc0004fbb68 pc=0xaf0527 +cmd/compile/internal/ssagen.Compile(0xc00071b900, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:185 +0x4c fp=0xc0004fbf70 sp=0xc0004fbea8 pc=0xae796c +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc0004fbfb0 sp=0xc0004fbf70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc0004fbfe0 sp=0xc0004fbfb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0004fbfe8 sp=0xc0004fbfe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 + +goroutine 50 [runnable]: +cmd/compile/internal/ssa.(*Value).clobbersFlags(0xc0007ce6d8?) + /usr/lib/go/src/cmd/compile/internal/ssa/flagalloc.go:243 +0xd5 fp=0xc0000dbbf0 sp=0xc0000dbbe8 pc=0x79c375 +cmd/compile/internal/ssa.flagalloc(0xc0000ca000) + /usr/lib/go/src/cmd/compile/internal/ssa/flagalloc.go:39 +0x172a fp=0xc0000dbeb0 sp=0xc0000dbbf0 pc=0x79c0ca +cmd/compile/internal/ssa.Compile(0xc0000ca000) + /usr/lib/go/src/cmd/compile/internal/ssa/compile.go:97 +0x963 fp=0xc0000dfb68 sp=0xc0000dbeb0 pc=0x76bc43 +cmd/compile/internal/ssagen.buildssa(0xc00071ba40, 0x1) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:572 +0x2027 fp=0xc0000dfea8 sp=0xc0000dfb68 pc=0xaf0527 +cmd/compile/internal/ssagen.Compile(0xc00071ba40, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:185 +0x4c fp=0xc0000dff70 sp=0xc0000dfea8 pc=0xae796c +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc0000dffb0 sp=0xc0000dff70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc0000dffe0 sp=0xc0000dffb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000dffe8 sp=0xc0000dffe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 + +goroutine 51 [runnable]: +cmd/compile/internal/ssa.(*Value).clobbersFlags(0xc000780d90?) + /usr/lib/go/src/cmd/compile/internal/ssa/flagalloc.go:243 +0xd5 fp=0xc00091bbf0 sp=0xc00091bbe8 pc=0x79c375 +cmd/compile/internal/ssa.flagalloc(0xc000774540) + /usr/lib/go/src/cmd/compile/internal/ssa/flagalloc.go:39 +0x172a fp=0xc00091beb0 sp=0xc00091bbf0 pc=0x79c0ca +cmd/compile/internal/ssa.Compile(0xc000774540) + /usr/lib/go/src/cmd/compile/internal/ssa/compile.go:97 +0x963 fp=0xc00091fb68 sp=0xc00091beb0 pc=0x76bc43 +cmd/compile/internal/ssagen.buildssa(0xc000703900, 0x0) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:572 +0x2027 fp=0xc00091fea8 sp=0xc00091fb68 pc=0xaf0527 +cmd/compile/internal/ssagen.Compile(0xc000703900, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:185 +0x4c fp=0xc00091ff70 sp=0xc00091fea8 pc=0xae796c +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc00091ffb0 sp=0xc00091ff70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc00091ffe0 sp=0xc00091ffb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00091ffe8 sp=0xc00091ffe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 +# unicode/utf8 +unexpected fault address 0x0 +fatal error: fault +[signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0x411410] + +goroutine 19 [running]: +runtime.throw({0xdbf491?, 0x4000804d28?}) + /usr/lib/go/src/runtime/panic.go:1047 +0x5d fp=0xc0004f1830 sp=0xc0004f1800 pc=0x4389fd +runtime.sigpanic() + /usr/lib/go/src/runtime/signal_unix.go:851 +0x28a fp=0xc0004f1890 sp=0xc0004f1830 pc=0x44f4ea +runtime.mapaccess2_fast32(0xc0009b3c00, 0xc000562000, 0x6be729) + /usr/lib/go/src/runtime/map_fast32.go:53 +0x170 fp=0xc0004f1898 sp=0xc0004f1890 pc=0x411410 +cmd/compile/internal/ssagen.genssa(0xc000562000, 0xc000988ee0) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:6964 +0x965 fp=0xc0004f1ea8 sp=0xc0004f1898 pc=0xb27345 +cmd/compile/internal/ssagen.Compile(0xc0000fcb40, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:195 +0x26f fp=0xc0004f1f70 sp=0xc0004f1ea8 pc=0xae7b8f +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc0004f1fb0 sp=0xc0004f1f70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc0004f1fe0 sp=0xc0004f1fb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0004f1fe8 sp=0xc0004f1fe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 + +goroutine 1 [semacquire]: +runtime.gopark(0x20?, 0xd7ca20?, 0x0?, 0x60?, 0xc00003a600?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc0005a9968 sp=0xc0005a9948 pc=0x43b716 +runtime.goparkunlock(...) + /usr/lib/go/src/runtime/proc.go:387 +runtime.semacquire1(0xc0006d5a88, 0x20?, 0x1, 0x0, 0x0?) + /usr/lib/go/src/runtime/sema.go:160 +0x20f fp=0xc0005a99d0 sp=0xc0005a9968 pc=0x44c9af +sync.runtime_Semacquire(0xc0000fdb80?) + /usr/lib/go/src/runtime/sema.go:62 +0x27 fp=0xc0005a9a08 sp=0xc0005a99d0 pc=0x46a6e7 +sync.(*WaitGroup).Wait(0xc0008ca400?) + /usr/lib/go/src/sync/waitgroup.go:116 +0x4b fp=0xc0005a9a30 sp=0xc0005a9a08 pc=0x487deb +cmd/compile/internal/gc.compileFunctions() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:183 +0x235 fp=0xc0005a9a88 sp=0xc0005a9a30 pc=0xcc6675 +cmd/compile/internal/gc.Main(0xdf8e28) + /usr/lib/go/src/cmd/compile/internal/gc/main.go:332 +0x13aa fp=0xc0005a9f20 sp=0xc0005a9a88 pc=0xcc86aa +main.main() + /usr/lib/go/src/cmd/compile/main.go:57 +0xdd fp=0xc0005a9f80 sp=0xc0005a9f20 pc=0xcf00bd +runtime.main() + /usr/lib/go/src/runtime/proc.go:250 +0x207 fp=0xc0005a9fe0 sp=0xc0005a9f80 pc=0x43b2e7 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0005a9fe8 sp=0xc0005a9fe0 pc=0x46e201 + +goroutine 2 [force gc (idle)]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc00009cfb0 sp=0xc00009cf90 pc=0x43b716 +runtime.goparkunlock(...) + /usr/lib/go/src/runtime/proc.go:387 +runtime.forcegchelper() + /usr/lib/go/src/runtime/proc.go:305 +0xb0 fp=0xc00009cfe0 sp=0xc00009cfb0 pc=0x43b550 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00009cfe8 sp=0xc00009cfe0 pc=0x46e201 +created by runtime.init.6 + /usr/lib/go/src/runtime/proc.go:293 +0x25 + +goroutine 3 [GC sweep wait]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc00009d780 sp=0xc00009d760 pc=0x43b716 +runtime.goparkunlock(...) + /usr/lib/go/src/runtime/proc.go:387 +runtime.bgsweep(0x0?) + /usr/lib/go/src/runtime/mgcsweep.go:278 +0x8e fp=0xc00009d7c8 sp=0xc00009d780 pc=0x425cce +runtime.gcenable.func1() + /usr/lib/go/src/runtime/mgc.go:178 +0x26 fp=0xc00009d7e0 sp=0xc00009d7c8 pc=0x41aee6 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00009d7e8 sp=0xc00009d7e0 pc=0x46e201 +created by runtime.gcenable + /usr/lib/go/src/runtime/mgc.go:178 +0x6b + +goroutine 4 [GC scavenge wait]: +runtime.gopark(0xc0000380e0?, 0xf1ad58?, 0x1?, 0x0?, 0x0?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc00009df70 sp=0xc00009df50 pc=0x43b716 +runtime.goparkunlock(...) + /usr/lib/go/src/runtime/proc.go:387 +runtime.(*scavengerState).park(0x1487ce0) + /usr/lib/go/src/runtime/mgcscavenge.go:400 +0x53 fp=0xc00009dfa0 sp=0xc00009df70 pc=0x423c13 +runtime.bgscavenge(0x0?) + /usr/lib/go/src/runtime/mgcscavenge.go:628 +0x45 fp=0xc00009dfc8 sp=0xc00009dfa0 pc=0x4241e5 +runtime.gcenable.func2() + /usr/lib/go/src/runtime/mgc.go:179 +0x26 fp=0xc00009dfe0 sp=0xc00009dfc8 pc=0x41ae86 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00009dfe8 sp=0xc00009dfe0 pc=0x46e201 +created by runtime.gcenable + /usr/lib/go/src/runtime/mgc.go:179 +0xaa + +goroutine 17 [finalizer wait]: +runtime.gopark(0x43ba92?, 0x4027cf9fe8?, 0x0?, 0x0?, 0xc00009c770?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc00009c628 sp=0xc00009c608 pc=0x43b716 +runtime.runfinq() + /usr/lib/go/src/runtime/mfinal.go:193 +0x107 fp=0xc00009c7e0 sp=0xc00009c628 pc=0x419f27 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00009c7e8 sp=0xc00009c7e0 pc=0x46e201 +created by runtime.createfing + /usr/lib/go/src/runtime/mfinal.go:163 +0x45 + +goroutine 49 [runnable]: +runtime.asyncPreempt2() + /usr/lib/go/src/runtime/preempt.go:307 +0x3f fp=0xc0009c1308 sp=0xc0009c12e8 pc=0x439e1f +runtime.asyncPreempt() + /usr/lib/go/src/runtime/preempt_amd64.s:53 +0xdb fp=0xc0009c1490 sp=0xc0009c1308 pc=0x46f85b +cmd/compile/internal/ssa.PopulateABIInRegArgOps(0xc000754700) + /usr/lib/go/src/cmd/compile/internal/ssa/debug.go:436 +0x57 fp=0xc0009c16f0 sp=0xc0009c1490 pc=0x779bb7 +cmd/compile/internal/ssa.BuildFuncDebug(0xc00041e5a0?, 0xc000754700, 0xc000000049?, 0xa?, 0xc00098c000) + /usr/lib/go/src/cmd/compile/internal/ssa/debug.go:578 +0x1d6 fp=0xc0009c1898 sp=0xc0009c16f0 pc=0x77adb6 +cmd/compile/internal/ssagen.genssa(0xc000754700, 0xc0004bfce0) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:7157 +0xf2b fp=0xc0009c1ea8 sp=0xc0009c1898 pc=0xb2790b +cmd/compile/internal/ssagen.Compile(0xc0000fc8c0, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:195 +0x26f fp=0xc0009c1f70 sp=0xc0009c1ea8 pc=0xae7b8f +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc0009c1fb0 sp=0xc0009c1f70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc0009c1fe0 sp=0xc0009c1fb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0009c1fe8 sp=0xc0009c1fe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 + +goroutine 5 [select]: +runtime.gopark(0xc00009e7b0?, 0x2?, 0xf0?, 0xe5?, 0xc00009e76c?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc00009e5a0 sp=0xc00009e580 pc=0x43b716 +runtime.selectgo(0xc00009e7b0, 0xc00009e768, 0x0?, 0x0, 0xd26040?, 0x1) + /usr/lib/go/src/runtime/select.go:327 +0x7be fp=0xc00009e6e0 sp=0xc00009e5a0 pc=0x44b8be +cmd/compile/internal/gc.compileFunctions.func3() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:141 +0x132 fp=0xc00009e7e0 sp=0xc00009e6e0 pc=0xcc6a12 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00009e7e8 sp=0xc00009e7e0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:134 +0xf8 + +goroutine 50 [runnable]: +runtime.asyncPreempt2() + /usr/lib/go/src/runtime/preempt.go:307 +0x3f fp=0xc0001cd308 sp=0xc0001cd2e8 pc=0x439e1f +runtime.asyncPreempt() + /usr/lib/go/src/runtime/preempt_amd64.s:53 +0xdb fp=0xc0001cd490 sp=0xc0001cd308 pc=0x46f85b +cmd/compile/internal/ssa.PopulateABIInRegArgOps(0xc000192000) + /usr/lib/go/src/cmd/compile/internal/ssa/debug.go:436 +0x57 fp=0xc0001cd6f0 sp=0xc0001cd490 pc=0x779bb7 +cmd/compile/internal/ssa.BuildFuncDebug(0xc0001a65a0?, 0xc000192000, 0xc000000049?, 0x12?, 0xc0001a4000) + /usr/lib/go/src/cmd/compile/internal/ssa/debug.go:578 +0x1d6 fp=0xc0001cd898 sp=0xc0001cd6f0 pc=0x77adb6 +cmd/compile/internal/ssagen.genssa(0xc000192000, 0xc00019f260) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:7157 +0xf2b fp=0xc0001cdea8 sp=0xc0001cd898 pc=0xb2790b +cmd/compile/internal/ssagen.Compile(0xc0000fca00, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:195 +0x26f fp=0xc0001cdf70 sp=0xc0001cdea8 pc=0xae7b8f +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc0001cdfb0 sp=0xc0001cdf70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc0001cdfe0 sp=0xc0001cdfb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0001cdfe8 sp=0xc0001cdfe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 + +goroutine 20 [runnable]: +runtime.asyncPreempt2() + /usr/lib/go/src/runtime/preempt.go:307 +0x3f fp=0xc0008e10f8 sp=0xc0008e10d8 pc=0x439e1f +runtime.asyncPreempt() + /usr/lib/go/src/runtime/preempt_amd64.s:53 +0xdb fp=0xc0008e1280 sp=0xc0008e10f8 pc=0x46f85b +cmd/compile/internal/ssagen.AddrAuto(0xc000201ed0, 0x81308171a15?) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:7649 +0x94 fp=0xc0008e12a8 sp=0xc0008e1280 pc=0xb2d9d4 +cmd/compile/internal/amd64.ssaGenValue(0xc0008bec60, 0xc000781ab0) + /usr/lib/go/src/cmd/compile/internal/amd64/ssa.go:1037 +0x13dc fp=0xc0008e1898 sp=0xc0008e12a8 pc=0xb3d6bc +cmd/compile/internal/ssagen.genssa(0xc0004e4000, 0xc0008e8070) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:7024 +0x3ff8 fp=0xc0008e1ea8 sp=0xc0008e1898 pc=0xb2a9d8 +cmd/compile/internal/ssagen.Compile(0xc0000fcc80, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:195 +0x26f fp=0xc0008e1f70 sp=0xc0008e1ea8 pc=0xae7b8f +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc0008e1fb0 sp=0xc0008e1f70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc0008e1fe0 sp=0xc0008e1fb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0008e1fe8 sp=0xc0008e1fe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 +# internal/reflectlite +unexpected fault address 0x0 +fatal error: fault +[signal SIGSEGV: segmentation violation code=0x80 addr=0x0 pc=0x66b360] + +goroutine 6 [running]: +runtime.throw({0xdbf491?, 0x8?}) + /usr/lib/go/src/runtime/panic.go:1047 +0x5d fp=0xc0000dc720 sp=0xc0000dc6f0 pc=0x4389fd +runtime.sigpanic() + /usr/lib/go/src/runtime/signal_unix.go:851 +0x28a fp=0xc0000dc780 sp=0xc0000dc720 pc=0x44f4ea +cmd/compile/internal/abi.(*assignState).regAllocate(0xc0000dc7a0, 0x41b2b1, {0x14cdd40, 0xc0000dc808}, 0xa8) + /usr/lib/go/src/cmd/compile/internal/abi/abiutils.go:607 fp=0xc0000dc788 sp=0xc0000dc780 pc=0x66b360 +cmd/compile/internal/abi.(*assignState).assignParamOrReturn(0xc0000dc8a8, 0xc0008977a0, {0xf23198, 0xc000a0b080}, 0x20?) + /usr/lib/go/src/cmd/compile/internal/abi/abiutils.go:777 +0x165 fp=0xc0000dc840 sp=0xc0000dc788 pc=0x66bae5 +cmd/compile/internal/abi.(*ABIConfig).ABIAnalyzeFuncType(0xc0000bca60, 0xc00089b710) + /usr/lib/go/src/cmd/compile/internal/abi/abiutils.go:404 +0x3d7 fp=0xc0000dc9f8 sp=0xc0000dc840 pc=0x669a17 +cmd/compile/internal/abi.(*ABIConfig).ABIAnalyze(0xd41a80?, 0xc0000d0600?, 0x0?) + /usr/lib/go/src/cmd/compile/internal/abi/abiutils.go:432 +0x5d fp=0xc0000dcb68 sp=0xc0000dc9f8 pc=0x669e7d +cmd/compile/internal/ssagen.buildssa(0xc0008cc500, 0x1) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:455 +0x1209 fp=0xc0000dcea8 sp=0xc0000dcb68 pc=0xaef709 +cmd/compile/internal/ssagen.Compile(0xc0008cc500, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:185 +0x4c fp=0xc0000dcf70 sp=0xc0000dcea8 pc=0xae796c +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc0000dcfb0 sp=0xc0000dcf70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc0000dcfe0 sp=0xc0000dcfb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000dcfe8 sp=0xc0000dcfe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 + +goroutine 1 [runnable]: +runtime.gopark(0xc0000be000?, 0xc0004edec0?, 0xb0?, 0x99?, 0xc000739978?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc000739910 sp=0xc0007398f0 pc=0x43b716 +runtime.chansend(0xc000d540c0, 0xc0007399e8, 0x1, 0xc0007399d8?) + /usr/lib/go/src/runtime/chan.go:259 +0x42e fp=0xc000739998 sp=0xc000739910 pc=0x40602e +runtime.chansend1(0xd7ca20?, 0x4000803501?) + /usr/lib/go/src/runtime/chan.go:145 +0x1d fp=0xc0007399c8 sp=0xc000739998 pc=0x405bdd +cmd/compile/internal/gc.compileFunctions.func4(0xc00180cc40) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:160 +0x27 fp=0xc0007399e8 sp=0xc0007399c8 pc=0xcc68a7 +cmd/compile/internal/gc.compileFunctions.func5({0xc001099500, 0x222, 0x350?}) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:170 +0x53 fp=0xc000739a30 sp=0xc0007399e8 pc=0xcc6713 +cmd/compile/internal/gc.compileFunctions() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:181 +0x1ff fp=0xc000739a88 sp=0xc000739a30 pc=0xcc663f +cmd/compile/internal/gc.Main(0xdf8e28) + /usr/lib/go/src/cmd/compile/internal/gc/main.go:332 +0x13aa fp=0xc000739f20 sp=0xc000739a88 pc=0xcc86aa +main.main() + /usr/lib/go/src/cmd/compile/main.go:57 +0xdd fp=0xc000739f80 sp=0xc000739f20 pc=0xcf00bd +runtime.main() + /usr/lib/go/src/runtime/proc.go:250 +0x207 fp=0xc000739fe0 sp=0xc000739f80 pc=0x43b2e7 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000739fe8 sp=0xc000739fe0 pc=0x46e201 + +goroutine 2 [force gc (idle)]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc00009cfb0 sp=0xc00009cf90 pc=0x43b716 +runtime.goparkunlock(...) + /usr/lib/go/src/runtime/proc.go:387 +runtime.forcegchelper() + /usr/lib/go/src/runtime/proc.go:305 +0xb0 fp=0xc00009cfe0 sp=0xc00009cfb0 pc=0x43b550 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00009cfe8 sp=0xc00009cfe0 pc=0x46e201 +created by runtime.init.6 + /usr/lib/go/src/runtime/proc.go:293 +0x25 + +goroutine 3 [GC sweep wait]: +runtime.gopark(0x0?, 0x0?, 0x0?, 0x0?, 0x0?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc00009d780 sp=0xc00009d760 pc=0x43b716 +runtime.goparkunlock(...) + /usr/lib/go/src/runtime/proc.go:387 +runtime.bgsweep(0x0?) + /usr/lib/go/src/runtime/mgcsweep.go:278 +0x8e fp=0xc00009d7c8 sp=0xc00009d780 pc=0x425cce +runtime.gcenable.func1() + /usr/lib/go/src/runtime/mgc.go:178 +0x26 fp=0xc00009d7e0 sp=0xc00009d7c8 pc=0x41aee6 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00009d7e8 sp=0xc00009d7e0 pc=0x46e201 +created by runtime.gcenable + /usr/lib/go/src/runtime/mgc.go:178 +0x6b + +goroutine 4 [GC scavenge wait]: +runtime.gopark(0xc0000380e0?, 0xf1ad58?, 0x1?, 0x0?, 0x0?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc00009df70 sp=0xc00009df50 pc=0x43b716 +runtime.goparkunlock(...) + /usr/lib/go/src/runtime/proc.go:387 +runtime.(*scavengerState).park(0x1487ce0) + /usr/lib/go/src/runtime/mgcscavenge.go:400 +0x53 fp=0xc00009dfa0 sp=0xc00009df70 pc=0x423c13 +runtime.bgscavenge(0x0?) + /usr/lib/go/src/runtime/mgcscavenge.go:628 +0x45 fp=0xc00009dfc8 sp=0xc00009dfa0 pc=0x4241e5 +runtime.gcenable.func2() + /usr/lib/go/src/runtime/mgc.go:179 +0x26 fp=0xc00009dfe0 sp=0xc00009dfc8 pc=0x41ae86 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00009dfe8 sp=0xc00009dfe0 pc=0x46e201 +created by runtime.gcenable + /usr/lib/go/src/runtime/mgc.go:179 +0xaa + +goroutine 17 [finalizer wait]: +runtime.gopark(0x43ba92?, 0x4027d38828?, 0x0?, 0x0?, 0xc00009c770?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc00009c628 sp=0xc00009c608 pc=0x43b716 +runtime.runfinq() + /usr/lib/go/src/runtime/mfinal.go:193 +0x107 fp=0xc00009c7e0 sp=0xc00009c628 pc=0x419f27 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc00009c7e8 sp=0xc00009c7e0 pc=0x46e201 +created by runtime.createfing + /usr/lib/go/src/runtime/mfinal.go:163 +0x45 + +goroutine 5 [runnable]: +runtime.asyncPreempt2() + /usr/lib/go/src/runtime/preempt.go:307 +0x3f fp=0xc000194658 sp=0xc000194638 pc=0x439e1f +runtime.asyncPreempt() + /usr/lib/go/src/runtime/preempt_amd64.s:53 +0xdb fp=0xc0001947e0 sp=0xc000194658 pc=0x46f85b +cmd/compile/internal/ssagen.(*state).stmt(0xc0001fe500, {0xf2a400, 0xc000a990a0?}) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:1432 +0xbb fp=0xc000194b68 sp=0xc0001947e0 pc=0xaf509b +cmd/compile/internal/ssagen.(*state).stmtList(...) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:1421 +cmd/compile/internal/ssagen.buildssa(0xc0005d9540, 0x2) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:552 +0x1ee6 fp=0xc000194ea8 sp=0xc000194b68 pc=0xaf03e6 +cmd/compile/internal/ssagen.Compile(0xc0005d9540, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:185 +0x4c fp=0xc000194f70 sp=0xc000194ea8 pc=0xae796c +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc000194fb0 sp=0xc000194f70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc000194fe0 sp=0xc000194fb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc000194fe8 sp=0xc000194fe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 + +goroutine 33 [select]: +runtime.gopark(0xc0000997b0?, 0x2?, 0xf0?, 0x95?, 0xc00009976c?) + /usr/lib/go/src/runtime/proc.go:381 +0xd6 fp=0xc0000995a0 sp=0xc000099580 pc=0x43b716 +runtime.selectgo(0xc0000997b0, 0xc000099768, 0xc000110000?, 0x0, 0xd26040?, 0x1) + /usr/lib/go/src/runtime/select.go:327 +0x7be fp=0xc0000996e0 sp=0xc0000995a0 pc=0x44b8be +cmd/compile/internal/gc.compileFunctions.func3() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:141 +0x132 fp=0xc0000997e0 sp=0xc0000996e0 pc=0xcc6a12 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000997e8 sp=0xc0000997e0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:134 +0xf8 + +goroutine 22 [runnable]: +runtime.asyncPreempt2() + /usr/lib/go/src/runtime/preempt.go:307 +0x3f fp=0xc0000ad2d0 sp=0xc0000ad2b0 pc=0x439e1f +runtime.asyncPreempt() + /usr/lib/go/src/runtime/preempt_amd64.s:53 +0xdb fp=0xc0000ad458 sp=0xc0000ad2d0 pc=0x46f85b +cmd/compile/internal/ssagen.(*state).stmt(0xc0016ada00, {0xf295c0, 0xc00134d450?}) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:1455 +0x19a fp=0xc0000ad7e0 sp=0xc0000ad458 pc=0xaf517a +cmd/compile/internal/ssagen.(*state).stmtList(...) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:1421 +cmd/compile/internal/ssagen.(*state).stmt(0xc0016ada00, {0xf29800, 0xc0013eebc0?}) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:1441 +0x45e5 fp=0xc0000adb68 sp=0xc0000ad7e0 pc=0xaf95c5 +cmd/compile/internal/ssagen.(*state).stmtList(...) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:1421 +cmd/compile/internal/ssagen.buildssa(0xc0005d8b40, 0x3) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:552 +0x1ee6 fp=0xc0000adea8 sp=0xc0000adb68 pc=0xaf03e6 +cmd/compile/internal/ssagen.Compile(0xc0005d8b40, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:185 +0x4c fp=0xc0000adf70 sp=0xc0000adea8 pc=0xae796c +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc0000adfb0 sp=0xc0000adf70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc0000adfe0 sp=0xc0000adfb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc0000adfe8 sp=0xc0000adfe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 + +goroutine 49 [runnable]: +runtime.asyncPreempt2() + /usr/lib/go/src/runtime/preempt.go:307 +0x3f fp=0xc0017932d0 sp=0xc0017932b0 pc=0x439e1f +runtime.asyncPreempt() + /usr/lib/go/src/runtime/preempt_amd64.s:53 +0xdb fp=0xc001793458 sp=0xc0017932d0 pc=0x46f85b +cmd/compile/internal/ssagen.(*state).stmt(0xc001794000, {0xf295c0, 0xc00140a960?}) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:1455 +0x19a fp=0xc0017937e0 sp=0xc001793458 pc=0xaf517a +cmd/compile/internal/ssagen.(*state).stmtList(...) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:1421 +cmd/compile/internal/ssagen.(*state).stmt(0xc001794000, {0xf2a400, 0xc000a92a10?}) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:1436 +0x150 fp=0xc001793b68 sp=0xc0017937e0 pc=0xaf5130 +cmd/compile/internal/ssagen.(*state).stmtList(...) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:1421 +cmd/compile/internal/ssagen.buildssa(0xc0005d9680, 0x0) + /usr/lib/go/src/cmd/compile/internal/ssagen/ssa.go:552 +0x1ee6 fp=0xc001793ea8 sp=0xc001793b68 pc=0xaf03e6 +cmd/compile/internal/ssagen.Compile(0xc0005d9680, 0x0?) + /usr/lib/go/src/cmd/compile/internal/ssagen/pgen.go:185 +0x4c fp=0xc001793f70 sp=0xc001793ea8 pc=0xae796c +cmd/compile/internal/gc.compileFunctions.func5.1(0x0?) + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:171 +0x3a fp=0xc001793fb0 sp=0xc001793f70 pc=0xcc681a +cmd/compile/internal/gc.compileFunctions.func3.1() + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:153 +0x32 fp=0xc001793fe0 sp=0xc001793fb0 pc=0xcc6c52 +runtime.goexit() + /usr/lib/go/src/runtime/asm_amd64.s:1598 +0x1 fp=0xc001793fe8 sp=0xc001793fe0 pc=0x46e201 +created by cmd/compile/internal/gc.compileFunctions.func3 + /usr/lib/go/src/cmd/compile/internal/gc/compile.go:152 +0x245 +``` +Steps to reproduce: +1. Create an Arch Linux chroot from a bootstrap tarball: https://wiki.archlinux.org/title/Install_Arch_Linux_from_existing_Linux#Method_A:_Using_the_bootstrap_tarball_(recommended) +2. Chroot into it using the following script: +``` +#!/bin/bash + +basedir="/home/niko/chroots/arch-x86_64" +cp /etc/resolv.conf ${basedir}/etc/ +cp /usr/bin/qemu-x86_64 ${basedir}/usr/bin/ +sed -i 's!#Server = http://archlinux.mirror.garr.it/archlinux/$repo/os/$arch!Server = http://archlinux.mirror.garr.it/archlinux/$repo/os/$a> +mount --make-slave --bind ${basedir} ${basedir} +mount -t proc none ${basedir}/proc +mount -t sysfs none ${basedir}/sys/ +mount --make-rslave --rbind /dev ${basedir}/dev +mount --make-rslave --rbind /run ${basedir}/run +chroot ${basedir} /bin/bash +sleep 3 +umount -R ${basedir}/run +umount -R ${basedir}/dev +umount ${basedir}/sys +umount ${basedir}/proc +umount ${basedir} +mount | grep chroots | grep arch-x86_64 | grep -v snap +``` +3. Initialize pacaman keyring and update system: +``` +# pacman-key --init +# pacman-key --populate +# pacman -Syu +``` +4. Download the yay `PKGBUILD` from the AUR (https://aur.archlinux.org/cgit/aur.git/plain/PKGBUILD?h=yay) and run `makepkg -s` +5. Wait for the crash. +Additional information: +``` +Wed 2023-02-15 17:03:22 CET 495600 1000 1000 SIGILL present /home/niko/chroots/arch-x86_64/usr/bin/qemu-x86_64 > +Wed 2023-02-15 17:11:25 CET 509058 1000 1000 SIGSEGV present /home/niko/chroots/arch-x86_64/usr/bin/qemu-x86_64 > +talos2 ~ # coredumpctl gdb 495600 + PID: 495600 (go) + UID: 1000 (niko) + GID: 1000 (niko) + Signal: 4 (ILL) + Timestamp: Wed 2023-02-15 17:03:21 CET (13min ago) + Command Line: /usr/bin/qemu-x86_64 /usr/bin/go build -trimpath -mod=readonly -modcacherw -ldflags $'-X "main.yayVersion=11.3.2" -X "main.localePath=/usr/share/locale/" -linkmode=external' -buildmode=pie -o yay + Executable: /home/niko/chroots/arch-x86_64/usr/bin/qemu-x86_64 + Control Group: /user.slice/user-1000.slice/user@1000.service/session.slice/vte-spawn-a3a4897b-7df3-4b3e-a8fc-91898d4e7b51.scope + Unit: user@1000.service + User Unit: vte-spawn-a3a4897b-7df3-4b3e-a8fc-91898d4e7b51.scope + Slice: user-1000.slice + Owner UID: 1000 (niko) + Boot ID: 33cad872d21043ebbe3dd6581bdd28c6 + Machine ID: b3e834569b8ff461391f5ac061feb773 + Hostname: talos2 + Storage: /var/lib/systemd/coredump/core.go.1000.33cad872d21043ebbe3dd6581bdd28c6.495600.1676477001000000.zst (present) + Size on Disk: 7.4M + Message: Process 495600 (go) of user 1000 dumped core. + +GNU gdb (Gentoo 12.1 vanilla) 12.1 +Copyright (C) 2022 Free Software Foundation, Inc. +License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. +Type "show copying" and "show warranty" for details. +This GDB was configured as "powerpc64le-unknown-linux-gnu". +Type "show configuration" for configuration details. +For bug reporting instructions, please see: +<https://bugs.gentoo.org/>. +Find the GDB manual and other documentation resources online at: + <http://www.gnu.org/software/gdb/documentation/>. + +For help, type "help". +Type "apropos word" to search for commands related to "word"... +Reading symbols from /home/niko/chroots/arch-x86_64/usr/bin/qemu-x86_64... +BFD: warning: /var/tmp/coredump-8CHpqc: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0000002 +BFD: warning: /var/tmp/coredump-8CHpqc: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001 +BFD: warning: /var/tmp/coredump-8CHpqc: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002 + +warning: Can't open file /usr/lib/ld-linux-x86-64.so.2 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libresolv.so.2 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libc.so.6 during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/f2/f2133743f1bb49d82c152c57fea6c71755a865029a19ff845dd27e420f5fa0be-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/89/89e115246dee235465b64002c5ab8a7df3a3f1b776d78dab9cd937c4892860a0-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/79/791d1887c70eed91dc52577c14310590649cb307ef557d46d8cc10df4704a957-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/86/86d5a3a0121a98ed0805aa57bc14d0bd85178c04054816d99495336d86c5bf5f-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/31/31d19f3051c8985f29f85ea43d9445e4b848c58a17a79d4e726280a9bced5743-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/79/79d75d9215f18cbef6b6a66468f78efd92edc13f7093f600b1552032732410aa-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/bc/bcdca8f344789eb190a1124fe919aa975d08f07250bfc6d780b0ae0cc28092fe-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/86/86e73e7b053ab6e1e1d149b5d1bbba621bfc3d0bbc66ec6310c072c82a7221e7-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/b1/b12eb8399331175352cb92b971280ba5c0c501c6ffa5c330921c3c0667c5f199-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/32/3264d3f95a5e2e731c952060b0cd4cb3bc37ff884513397336d40c935d098e5b-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/19/1977592d2d60e1dd1025609428d04f6cc17283759aae0c97bd8f35e8a341679b-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/a9/a9b261a012c19401c1fd78154a20f58bb7778e731e17f903eb3fe8ed3a5ddd59-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/96/9697f94a563c1bd04db2a82ac1770821f97548911f616dd1149bb87d0f48d65b-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/56/56e54c1dc0b6bee517915ce0bdf694a3b94f4de88b2cabb987b645e1255594fb-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/7e/7e9d9d14f25fe76951999c17680e09a181c5f14c9c4f30fe6bff8d0d669590c3-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/f4/f431652315a861a2a85b47ae12cfc99734b3db4754aa35c9158254e4ba3507c0-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/1c/1c51052ad1af6b1a1575f9bbc3f4616ed673578a285ae9a29f5548eed68c05dd-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/be/be3037525f021f1d7e2e8499d3dcc0f44be39adf70eb91979c96db3e5645bcf1-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/55/557fa6c4030abc2d7b6407ce3093ae5772939f1a2595be09dd670ecd1c5ec8f2-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/69/69a73f1b9f395cf4a1666dde8d7971a0bd9313fbfa55a5109eb02e59b301be09-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/ab/abc0750a5bd45b2346aa5bc87092f67207e9436307e3e32cb470952f87d13fb6-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/da/dadc71547f56ab68eccefd0d571599f99739a3d75acc444d97829d6ab62a6922-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/91/915619420aacc3b5964e7537365661258ab52ec44fb7ab29790258822c793de5-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/68/6834d594cb4ffe53979a0c4611bb5200e6e0c580acb42f4383ed2fb6a93d758d-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/c6/c6ccbc76ef432925fc1a5ea22ab750ac591f3e8983d2f33f54b01c799e3a274d-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/89/893c62418d079bf692b5ff17db226ae3d0fefdc87cbd0c64f30c437677a288ec-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/d8/d8666c5d7807c5a08b30f2278a1efd691c188804b3090704bd0b3f8ef06c40d9-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/d4/d401ca16783c19ff776f35305023173b63e2610e313b9a793734af80afda4e83-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/d0/d0593989dbf79e26b8bf6705325c6b44044e560a22c3ab81d320c67dcd97f1eb-d during file-backed mapping note processing + +warning: Can't open file /home/niko/.cache/go-build/57/572953ae015634b922f88b0191804a949206100adb6bd2454db615e2774dbe30-d during file-backed mapping note processing + +warning: Can't open file /usr/lib/libnss_mymachines.so.2 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libcap.so.2.67 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libgcc_s.so.1 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libnss_resolve.so.2 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libm.so.6 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libnss_myhostname.so.2 during file-backed mapping note processing + +warning: core file may not match specified executable file. +[New LWP 495627] +[New LWP 495604] +[New LWP 495603] +[New LWP 495614] +[New LWP 495602] +[New LWP 495610] +[New LWP 495618] +[New LWP 495606] +[New LWP 495621] +[New LWP 495608] +[New LWP 495612] +[New LWP 495629] +[New LWP 495615] +[New LWP 495622] +[New LWP 495600] +[New LWP 495605] +[New LWP 495623] +[New LWP 495630] +[New LWP 495616] +[New LWP 495633] +[New LWP 495634] +[New LWP 495635] +[New LWP 495636] +[New LWP 495637] +[New LWP 495632] +[New LWP 495609] +[New LWP 495620] +[New LWP 495617] +[New LWP 495624] +[New LWP 495628] +[New LWP 495625] +[New LWP 495607] +[New LWP 495613] +[New LWP 495626] +[New LWP 495619] +[New LWP 495611] +[New LWP 495631] +[Thread debugging using libthread_db enabled] +Using host libthread_db library "/usr/lib64/libthread_db.so.1". +Core was generated by `/usr/bin/qemu-x86_64 /usr/bin/go build -trimpath -mod=readonly -modcacherw -ldf'. +Program terminated with signal SIGILL, Illegal instruction. +#0 0x00003fff9d5d7284 in code_gen_buffer () +[Current thread is 1 (Thread 0x3fff4bf3c380 (LWP 495627))] +(gdb) info threads + Id Target Id Frame +* 1 Thread 0x3fff4bf3c380 (LWP 495627) 0x00003fff9d5d7284 in code_gen_buffer () + 2 Thread 0x3fffa85ec380 (LWP 495604) 0x000000001029ba2c in __lll_lock_wait () + 3 Thread 0x3fffa862d380 (LWP 495603) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 4 Thread 0x3fffa8362380 (LWP 495614) 0x00000000100ef210 in tb_jmp_cache_get_tb (hash=3271, jc=0x3fff6c00c5c0) + at ../accel/tcg/tb-jmp-cache.h:38 + 5 Thread 0x3fffa8eaf380 (LWP 495602) 0x00000000102cf6ec in syscall () + 6 Thread 0x3fffa8466380 (LWP 495610) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 7 Thread 0x3fffa815d380 (LWP 495618) 0x00000000101e07c8 in g_hash_table_lookup () + 8 Thread 0x3fffa856a380 (LWP 495606) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 9 Thread 0x3fffa809a380 (LWP 495621) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 10 Thread 0x3fffa84e8380 (LWP 495608) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 11 Thread 0x3fffa83e4380 (LWP 495612) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 12 Thread 0x3fff4beba380 (LWP 495629) 0x00003fff9c1c84b8 in code_gen_buffer () + 13 Thread 0x3fffa8321380 (LWP 495615) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 14 Thread 0x3fffa86ae380 (LWP 495622) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 15 Thread 0x200f4000 (LWP 495600) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 16 Thread 0x3fffa85ab380 (LWP 495605) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 17 Thread 0x3fffa8059380 (LWP 495623) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 18 Thread 0x3fff4be79380 (LWP 495630) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 19 Thread 0x3fffa82e0380 (LWP 495616) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 20 Thread 0x3fff4bdb6380 (LWP 495633) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 21 Thread 0x3fff4bd75380 (LWP 495634) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 22 Thread 0x3fff4bd34380 (LWP 495635) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 23 Thread 0x3fff4bcf3380 (LWP 495636) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 24 Thread 0x3fff4bcb2380 (LWP 495637) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 25 Thread 0x3fff4bdf7380 (LWP 495632) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 26 Thread 0x3fffa84a7380 (LWP 495609) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 27 Thread 0x3fffa80db380 (LWP 495620) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 28 Thread 0x3fffa829f380 (LWP 495617) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 29 Thread 0x3fff4bfff380 (LWP 495624) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 30 Thread 0x3fff4befb380 (LWP 495628) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 31 Thread 0x3fff4bfbe380 (LWP 495625) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 32 Thread 0x3fffa8529380 (LWP 495607) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 33 Thread 0x3fffa83a3380 (LWP 495613) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 34 Thread 0x3fff4bf7d380 (LWP 495626) 0x00003fff9d5d7284 in code_gen_buffer () + 35 Thread 0x3fffa811c380 (LWP 495619) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 36 Thread 0x3fffa8425380 (LWP 495611) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 + 37 Thread 0x3fff4be38380 (LWP 495631) safe_syscall_base () at ../common-user/host/ppc64/safe-syscall.inc.S:75 +(gdb) quit +talos2 ~ # coredumpctl gdb 509058 + PID: 509058 (make) + UID: 1000 (niko) + GID: 1000 (niko) + Signal: 11 (SEGV) + Timestamp: Wed 2023-02-15 17:11:24 CET (6min ago) + Command Line: /usr/bin/qemu-x86_64 /usr/bin/make VERSION=11.3.2 DESTDIR=/home/niko/devel/yay/pkg/yay PREFIX=/usr build + Executable: /home/niko/chroots/arch-x86_64/usr/bin/qemu-x86_64 + Control Group: /user.slice/user-1000.slice/user@1000.service/session.slice/vte-spawn-a3a4897b-7df3-4b3e-a8fc-91898d4e7b51.scope + Unit: user@1000.service + User Unit: vte-spawn-a3a4897b-7df3-4b3e-a8fc-91898d4e7b51.scope + Slice: user-1000.slice + Owner UID: 1000 (niko) + Boot ID: 33cad872d21043ebbe3dd6581bdd28c6 + Machine ID: b3e834569b8ff461391f5ac061feb773 + Hostname: talos2 + Storage: /var/lib/systemd/coredump/core.make.1000.33cad872d21043ebbe3dd6581bdd28c6.509058.1676477484000000.zst (present) + Size on Disk: 1.0M + Message: Process 509058 (make) of user 1000 dumped core. + +GNU gdb (Gentoo 12.1 vanilla) 12.1 +Copyright (C) 2022 Free Software Foundation, Inc. +License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> +This is free software: you are free to change and redistribute it. +There is NO WARRANTY, to the extent permitted by law. +Type "show copying" and "show warranty" for details. +This GDB was configured as "powerpc64le-unknown-linux-gnu". +Type "show configuration" for configuration details. +For bug reporting instructions, please see: +<https://bugs.gentoo.org/>. +Find the GDB manual and other documentation resources online at: + <http://www.gnu.org/software/gdb/documentation/>. + +For help, type "help". +Type "apropos word" to search for commands related to "word"... +Reading symbols from /home/niko/chroots/arch-x86_64/usr/bin/qemu-x86_64... +BFD: warning: /var/tmp/coredump-jyYs2x: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0000002 +BFD: warning: /var/tmp/coredump-jyYs2x: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0008002 +BFD: warning: /var/tmp/coredump-jyYs2x: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010001 +BFD: warning: /var/tmp/coredump-jyYs2x: unsupported GNU_PROPERTY_TYPE (5) type: 0xc0010002 + +warning: Can't open file /usr/lib/ld-linux-x86-64.so.2 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libguile-3.0.so.1.6.0 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libc.so.6 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libgc.so.1.5.1 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libffi.so.8.1.2 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libunistring.so.5.0.0 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libgmp.so.10.4.1 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libcrypt.so.2.0.0 during file-backed mapping note processing + +warning: Can't open file /usr/lib/libm.so.6 during file-backed mapping note processing + +warning: core file may not match specified executable file. +[New LWP 509058] +[New LWP 509060] +[Thread debugging using libthread_db enabled] +Using host libthread_db library "/usr/lib64/libthread_db.so.1". +Core was generated by `/usr/bin/qemu-x86_64 /usr/bin/make VERSION=11.3.2 DESTDIR=/home/niko/devel/yay/'. +Program terminated with signal SIGSEGV, Segmentation fault. +#0 0x0000000010278798 in sigsuspend () +[Current thread is 1 (Thread 0x1bde9000 (LWP 509058))] +(gdb) info threads + Id Target Id Frame +* 1 Thread 0x1bde9000 (LWP 509058) 0x0000000010278798 in sigsuspend () + 2 Thread 0x3fffae0ef380 (LWP 509060) 0x00000000102cf6ec in syscall () +(gdb) quit +``` + +Download coredumps: + +https://drive.google.com/file/d/1GosaobKvmuRg-olaA1-aZcp7zAZcWmcF/view?usp=share_link + +https://drive.google.com/file/d/1N0BmlBIYY-qT5lHqlrKXvPL_FdYl3GfI/view?usp=share_link diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1516408 b/results/classifier/deepseek-r1:32b/output/syscall/1516408 new file mode 100644 index 000000000..30acd8686 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1516408 @@ -0,0 +1,34 @@ + + + +sh4: Unsupported syscall: 186 + +Hello! + +I'm currently testing qemu as a possibility to set up a buildd for the Debian sh4 port. + +I set up qemu and an sh4 chroot as described in the Debian Wiki [1]. This seems to be working mostly fine (besides the fact that qemu segfaults on an amd64 host while it runs fine on an i386 host, I'll file a separate bug report). However, when installing python3.4 in the sh4 chroot, qemu repeatedly printed an error message about an unimplemented syscall: 186: + +qemu: Unsupported syscall: 186 + +From the source code in linux-user/sh4/syscall_nr.h it's apparent that 186 is defined as + +#define TARGET_NR_sigaltstack 186 + +Looking at the implementation part, it becomes obvious that this syscall is not enabled for sh4: + +#if defined(TARGET_I386) || defined(TARGET_ARM) || defined(TARGET_MIPS) || \ + defined(TARGET_SPARC) || defined(TARGET_PPC) || defined(TARGET_ALPHA) || \ + defined(TARGET_M68K) || defined(TARGET_S390X) || defined(TARGET_OPENRISC) + ret = do_sigaltstack(arg1, arg2, get_sp_from_cpustate((CPUArchState *)cpu_env)); + break; +#else + goto unimplemented; +#endif + +Is there any particular reason why TARGET_NR_sigaltstack is not enabled on sh4? If not, could you enable it? + +Thanks, +Adrian + +> [1] https://wiki.debian.org/QemuUserEmulation \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1563612 b/results/classifier/deepseek-r1:32b/output/syscall/1563612 new file mode 100644 index 000000000..8b9361c8a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1563612 @@ -0,0 +1,53 @@ + + + +pulseaudio applications crash under linux-user-x86_64 + +Running a simple application that uses pulseaudio under qemu-i386 or qemu-x86_64 makes it crash (tested on Debian 8.0): + +# apt-get install build-essential qemu-user libpulse-dev pulseaudio +$ cat > test.c << __EOF +#include <pulse/simple.h> + +int main(void) { + pa_simple *s; + pa_sample_spec ss; + ss.format = PA_SAMPLE_S16NE; + ss.channels = 2; + ss.rate = 44100; + s = pa_simple_new(NULL, // Use the default server. + "Fooapp", // Our application's name. + PA_STREAM_PLAYBACK, + NULL, // Use the default device. + "Music", // Description of our stream. + &ss, // Our sample format. + NULL, // Use default channel map + NULL, // Use default buffering + // attributes. + NULL // Ignore error code. + ); + + int16_t buf[2 * 1000]; + int i; + memset(buf, 0, sizeof buf); + for (i = 0; i < 44; i++) { + pa_simple_write(s, buf, sizeof buf, NULL); + } + + pa_simple_free(s); + + return 0; +} +__EOF +$ gcc test.c -o test -lpulse -lpulse-simple +$ ./test +<no output, no error> +$ qemu-x86_64 ./test +qemu: uncaught target signal 11 (Segmentation fault) - core dumped +Segmentation fault +$ + + +I think this is related to the futex system call. In an attempt to debug the problem, I compiled pulseaudio in debug mode and it hit an assertion failure in pa_mutex_unlock. + +Thank you for developing QEMU. :-) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1585840 b/results/classifier/deepseek-r1:32b/output/syscall/1585840 new file mode 100644 index 000000000..71d869719 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1585840 @@ -0,0 +1,12 @@ + + + +multiprocess program gets incorrect results with qemu arm-linux-user + +The attached program can run either in a threaded mode or a multiprocess mode. It defaults to threaded mode, and switches to multiprocess mode if the first positional argument is "process". "success" of the test is defined as the final count being seen as 2000000 by both tasks. + +In standard linux x86_64 userspace (i7, 4 cores) and in standard armhf userspace (4 cores), the test program consistently completes successfully in both modes. But with qemu arm-linux-user, the test consistently succeeds in threaded mode and generally fails in multiprocess mode. + +The test reflects an essential aspect of how the Free and Open Source project linuxcnc's IPC system works: shared memory regions (created by shmat, but mmap would probably behave the same) contain data and mutexes. I observed that our testsuite encounters numerous deadlocks and failures when running in an schroot with qemu-user (x86_64 host), and I believe the underlying cause is improper support for atomic operations in a multiprocess model. (the testsuite consistently passes on real hardware) + +I observed the same failure at v1.6.0 and master (v2.6.0-424-g287db79), as well as in the outdated Debian version 1:2.1+dfsg-12+deb8u5a. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1594394 b/results/classifier/deepseek-r1:32b/output/syscall/1594394 new file mode 100644 index 000000000..284d39d80 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1594394 @@ -0,0 +1,44 @@ + + + +Using setreuid / setegid crashes x86_64 user-mode target + +When setreuid() or setegid() are called from x86_64 target code in user mode, qemu crashes inside the NPTL signal handlers. x86 targets do not directly use a syscall to handle setreuid() / setegid(); instead the x86 NPTL implementation sets up a temporary data region in memory (__xidcmd) and issues a signal (SIGRT1) to all threads, allowing the handler for that signal to issue the syscall. Under qemu, __xidcmd remains null (see variable display below backtrace). + +Backtrace: +Program received signal SIGSEGV, Segmentation fault. +[Switching to Thread 0x3fff85c74fc0 (LWP 74517)] +0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263 +263 nptl-init.c: No such file or directory. +(gdb) thread apply all bt + +Thread 3 (Thread 0x3fff87e8efc0 (LWP 74515)): +#0 0x00000000601cc430 in syscall () +#1 0x0000000060109080 in futex_wait (val=<optimized out>, ev=<optimized out>) at /build/qemu/util/qemu-thread-posix.c:292 +#2 qemu_event_wait (ev=0x62367bb0 <rcu_call_ready_event>) at /build/qemu/util/qemu-thread-posix.c:399 +#3 0x000000006010f73c in call_rcu_thread (opaque=<optimized out>) at /build/qemu/util/rcu.c:250 +#4 0x0000000060176f8c in start_thread (arg=0x3fff87e8efc0) at pthread_create.c:336 +#5 0x00000000601cebf4 in clone () + +Thread 2 (Thread 0x3fff85c74fc0 (LWP 74517)): +#0 0x000000006017491c in sighandler_setxid (sig=33, si=0x3fff85c72d08, ctx=0x3fff85c71f90) at nptl-init.c:263 +#1 <signal handler called> +#2 0x00000000601cc42c in syscall () +#3 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748 +#4 do_futex (val3=<optimized out>, uaddr2=275186650880, timeout=0, val=1129, op=128, uaddr=275186651116) at /build/qemu/linux-user/syscall.c:6201 +#5 do_syscall (cpu_env=0x1000abfd350, num=<optimized out>, arg1=275186651116, arg2=<optimized out>, arg3=1129, arg4=0, arg5=275186650880, arg6=<optimized out>, arg7=0, arg8=0) + at /build/qemu/linux-user/syscall.c:10651 +#6 0x00000000600347b8 in cpu_loop (env=0x1000abfd350) at /build/qemu/linux-user/main.c:317 +#7 0x0000000060036ae0 in clone_func (arg=0x3fffc4c2ca38) at /build/qemu/linux-user/syscall.c:5445 +#8 0x0000000060176f8c in start_thread (arg=0x3fff85c74fc0) at pthread_create.c:336 +#9 0x00000000601cebf4 in clone () + +Thread 1 (Thread 0x1000aa05000 (LWP 74511)): +#0 0x00000000601cc430 in syscall () +#1 0x0000000060044b08 in safe_futex (val3=<optimized out>, uaddr2=0x0, timeout=<optimized out>, val=<optimized out>, op=128, uaddr=<optimized out>) at /build/qemu/linux-user/syscall.c:748 +#2 do_futex (val3=<optimized out>, uaddr2=1, timeout=0, val=1, op=128, uaddr=275078324992) at /build/qemu/linux-user/syscall.c:6201 +#3 do_syscall (cpu_env=0x1000aa23890, num=<optimized out>, arg1=275078324992, arg2=<optimized out>, arg3=1, arg4=0, arg5=1, arg6=<optimized out>, arg7=0, arg8=0) at /build/qemu/linux-user/syscall.c:10651 +#4 0x00000000600347b8 in cpu_loop (env=0x1000aa23890) at /build/qemu/linux-user/main.c:317 +#5 0x00000000600020e4 in main (argc=<optimized out>, argv=<optimized out>, envp=<optimized out>) at /build/qemu/linux-user/main.c:4779 +(gdb) p __xidcmd +$1 = (struct xid_command *) 0x0 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1605443 b/results/classifier/deepseek-r1:32b/output/syscall/1605443 new file mode 100644 index 000000000..9a30c6f0b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1605443 @@ -0,0 +1,14 @@ + + + +QEMU epoll for i386-linux-user on arm host is broken in 2.6 + +I'm trying to get wine running on qemu-i386 on arm. + +I found that 2.5.1 is OK, but 2.6 is not. + +By bisecting, I found commit 928bed6a057cedd6110e634865e021a24029785a is the problem. + +I reverted this commit, and then epoll is OK now. + +It seems that the commit broke epoll of qemu-i386 on arm. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1617929 b/results/classifier/deepseek-r1:32b/output/syscall/1617929 new file mode 100644 index 000000000..957d6dfd0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1617929 @@ -0,0 +1,53 @@ + + + +qemu hangs in pselect syscall + +I'm using git commit d75aa4372f0414c9960534026a562b0302fcff29 (v2.7.0-rc4) configured with; + --enable-linux-user \ + --disable-system \ + --disable-tools \ + --disable-guest-agent \ + --static --disable-linux-aio \ + --disable-fdt \ + --without-pixman \ + --disable-blobs \ +Stable version (v2.6.0) also have the same problem. + +In a chroot environment I ran below command-line to compile some things, different sources each time. + /usr/bin/qemu-arm -0 /usr/bin/edje_cc /usr/bin/edje_cc -id /home/abuild/rpmbuild/BUILD/org.tizen.browser-1.6.2/services/SimpleUI/images_mob/ -DBROWSER_RESOLUTION_720x1280=1 -DPROFILE_MOBILE=1 /home/abuild/rpmbuild/BUILD/org.tizen.browser-1.6.2/services/SimpleUI/edc/TextPopup_mob.edc /home/abuild/rpmbuild/BUILD/org.tizen.browser-1.6.2/build-tizen/services/SimpleUI/720x1280_TextPopup.edj + +Here is back trace with gdb; +#0 safe_syscall_end () at /usr/src/debug/qemu-2.6.94/linux-user/host/i386/safe-syscall.inc.S:78 +#1 0x60049370 in safe_pselect6 (nfds=10, readfds=0xffa31b5c, writefds=0xffa31bdc, exceptfds=0xffa31c5c, timeout=0x0, sig=0x0) + at /usr/src/debug/qemu-2.6.94/linux-user/syscall.c:855 +#2 0x6004b2fe in do_select (n=10, rfd_addr=1082122232, wfd_addr=1082122360, efd_addr=1082122488, target_tv_addr=0) + at /usr/src/debug/qemu-2.6.94/linux-user/syscall.c:1386 +#3 0x6005e5ba in do_syscall (cpu_env=0x640d0454, num=142, arg1=10, arg2=1082122232, arg3=1082122360, arg4=1082122488, arg5=0, arg6=1087473216, arg7=0, + arg8=0) at /usr/src/debug/qemu-2.6.94/linux-user/syscall.c:9690 +#4 0x60045def in cpu_loop (env=0x640d0454) at /usr/src/debug/qemu-2.6.94/linux-user/main.c:876 +#5 0x60047640 in main (argc=10, argv=0xffa33c84, envp=0xffa33cb0) at /usr/src/debug/qemu-2.6.94/linux-user/main.c:4817 + +Attached core file taken from gdb. To see the stack frame, you could try; +$ tar -xf reproduced_118_04.tar.bz2; gdb --core core.1823 qemu-arm + +And recent strace log for PID 1823(stucked one); +79965 [ 313s] 1823 :0x8e _newselect(10,[9,3,],[],[],NULL) +79966 [ 313s] ==>[pselect6(0xa)=] +79967 [ 313s] [pselect6=0x1]<== +79968 [ 313s] 1823 :0x8e _newselect(10,[9,],[],[],NULL) +79969 [ 313s] 1823 :0x8e => = 0x00000001 ([9,],[],[],NULL) +79970 [ 313s] 1823 :0xfc epoll_wait(3,1082121456,32,0,1082121456,3) +79971 [ 313s] 1823 :0xfc epoll_wait(3,1082121456,32,0,1082121456,3) +79972 [ 313s] 1823 :0xfc => = 0 +79973 [ 313s] 1823 :0x3 read(9,0x407fdeec,16) +79974 [ 313s] 1823 :0x3 read(9,0x407fdeec,16) +79975 [ 313s] 1823 :0x3 => = 8 +79976 [ 313s] 1823 :0x107 clock_gettime(1,1082122120,0,1082829144,1082827588,0) +79977 [ 313s] 1823 :0x107 clock_gettime(1,1082122120,0,1082829144,1082827588,0) +79978 [ 313s] 1823 :0x107 => = 0 +79979 [ 313s] 1823 :0x8e _newselect(10,[9,3,],[],[],NULL) +79980 [ 313s] ==>[pselect6(0xa)=] + +I'm using 64-bit Ubuntu with kernel release Linux 3.19.0-25-generic #26~14.04.1-Ubuntu. +Reproducibility is low. One occurrence out of 50+ trials. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1619896 b/results/classifier/deepseek-r1:32b/output/syscall/1619896 new file mode 100644 index 000000000..65fb39f5e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1619896 @@ -0,0 +1,53 @@ + + + +linux-user missing cmsg IP_PKTINFO support ("Unsupported ancillary data: 0/8") + +Hello, + +I have the following issue when launching the Teamspeak Server x86 binary on an arm host. + +Host: + Linux 4.6.2 (vanilla) + Ubuntu 14.04.5 LTS + HW: Cubietruck board, armv7l + + +Used SW: Release archive qemu-2.7.0.tar.bz2 and git commit 1dc33ed90bf1fe1c2014dffa0d9e863c520d953a +Configure options: + ../configure --target-list=i386-linux-user +I attached the output of the configure script as configure.log + +Testcase: + +1. Download and extract TeamSpeak 3 Server 3.0.13.3 (x86) + Souce: http://dl.4players.de/ts/releases/3.0.13.3/teamspeak3-server_linux_x86-3.0.13.3.tar.bz2 + +2. Modifiy ts3server_minimal_runscript.sh for ease of use + - ./ts3server $@ + + /usr/local/bin/qemu-i386 ./ts3server $@ + +3. Execute ./ts3server_minimal_runscript.sh + +Wait for 6 Minutes until teamspeak server started. QEMU saturates the cpu while Teamspeak is precomputing a puzzle. (Whatever that means) + +After that Teamspeak settles with the following output: + 2016-09-03 10:50:59.555582|INFO |Query | |listening on 0.0.0.0:10011, :::10011 + +The Qemu process is now idling with ~2% cpu load. This is actually the first time for me that QEMU is able to successfully launch the Teamspeak server. Kudos! + +4. Connect client 1 + +TS Clients can connect, but the following line is printed pretty often: + Unsupported ancillary data: 0/8 + +The line seems to come from qemu (linux-user/syscall.c) + + +5. Connect client 2 +When a second client is connected the audio transmission is successful for a few seconds, but the server drops the connection after that and refuses to take new connections. + +Please let me know, if you need more information. I'll gladly provide strace or valgrind logs. + +Best regards, +Tobias \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1689367 b/results/classifier/deepseek-r1:32b/output/syscall/1689367 new file mode 100644 index 000000000..f6d257a86 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1689367 @@ -0,0 +1,29 @@ + + + +In qemu chroot, repeating "qemu: Unsupported syscall: 384" messages. sys_getrandom ? + +On exec of an armv7 qemu chroot on my local x86_64 desktop, launched via + + /usr/sbin/qemu-binfmt-conf.sh + +from + + qemu-linux-user-2.9.0-374.1.x86_64 + +on the host, inside the chroot any compile activity is laced with repetitions of + + qemu: Unsupported syscall: 384 + +messages. + +This wasn't always the case -- but, TBH, it's been ~ 6 months since I used this env, and there have been scads of usual pkg updates in the interim. These messages appear to be non-fatal, with no particular effect at all; at least not so far ... + +From a chat in #IRC, + + [10:05] davidgiluk clever/pgnd: I see it as getrandom + [10:05] davidgiluk pgnd: https://fedora.juszkiewicz.com.pl/syscalls.html sort it on the ARM table and you can easily see it + [10:05] clever arch/arm/tools/syscall.tbl:384 common getrandom sys_getrandom + [10:06] davidgiluk pgnd: my *guess* is that something is calling getrandom, getting told it's not implemented and then falling back to using /dev/urandom + [10:10] pgnd davidgiluk: If that *is* the case, is it to be considered a problem, or just informational? + [10:12] davidgiluk pgnd: As long as it's falling back probably informational; but someone should probably go and wire up sys_getrandom at some point \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1696773 b/results/classifier/deepseek-r1:32b/output/syscall/1696773 new file mode 100644 index 000000000..9eea4be1a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1696773 @@ -0,0 +1,10 @@ + + + +golang calls to exec crash user emulation + +An example program can be found here: + +https://github.com/willnewton/qemucrash + +This code starts a goroutine (thread) and calls exec repeatedly. This works ok natively but when run under ARM user emulation it segfaults (usually, there are occasionally other failures). \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1701808 b/results/classifier/deepseek-r1:32b/output/syscall/1701808 new file mode 100644 index 000000000..1ee2c3ed6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1701808 @@ -0,0 +1,19 @@ + + + +stack smashing in or after recvmsg system call in aarch64 user mode + +A program that invokes recvmsg aborts with "*** stack smashing detected ***" when run in qemu-aarch64 (user mode), but works fine when running on native aarch64 hardware. + +How to reproduce: +$ aarch64-linux-gnu-gcc-5 -O -Wall /media/develdata/devel/qemu-bug/testpassfd.c -static -DEXTRA_SPACE=0 +$ QEMU_LD_PREFIX=/usr/aarch64-linux-gnu ~/inst-qemu/2.9.0/bin/qemu-aarch64 ./a.out +*** stack smashing detected ***: ./a.out terminated +qemu: uncaught target signal 6 (Aborted) - core dumped + +On native aarch64 hardware: +$ ./a.out +$ echo $? +0 + +The parameter EXTRA_SPACE can be used to add additional space to the array that receives the recvmsg data. With -DEXTRA_SPACE=9 (or larger), the program runs fine. Which suggests that recvmsg is storing up to 9 bytes more than allowed in memory. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1701971 b/results/classifier/deepseek-r1:32b/output/syscall/1701971 new file mode 100644 index 000000000..34a76741a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1701971 @@ -0,0 +1,48 @@ + + + +multithreading not working right under qemu user mode for sh4 + +In a multithreaded program running under qemu-sh4 (version 2.9.0), thread termination and/or pthread_join is not working right. + +The attached program works natively on all kinds of platforms, and under qemu user mode emulation for at least alpha, armelhf, aarch64, powerpc64le. + +How to reproduce: +- Compile the program: sh4-linux-gnu-gcc-5 -O -Wall -lpthread -o test-tls test-tls.c +- Set environment variables for running qemu-sh4. +- ~/inst-qemu/2.9.0/bin/qemu-sh4 test-tls + +Expected behaviour: After the "Worker xxxxx dying" line, the main() function prints "OK", and the program terminates. + +Actual behaviour (only on sh4): After the "Worker xxxxx dying" line, it hangs. Attaching gdb to qemu shows 15 threads with a stack trace like +#0 safe_syscall_base () at /build/qemu-2.9.0/linux-user/host/x86_64/safe-syscall.inc.S:75 +#1 0x00005584f86f4c48 in safe_futex (uaddr=<optimized out>, op=op@entry=128, val=val@entry=2, timeout=<optimized out>, uaddr2=uaddr2@entry=0x0, + val3=val3@entry=-161181992) at /build/qemu-2.9.0/linux-user/syscall.c:921 +#2 0x00005584f870353b in do_futex (val3=-161181992, uaddr2=4134624624, timeout=0, val=<optimized out>, op=<optimized out>, uaddr=<optimized out>) + at /build/qemu-2.9.0/linux-user/syscall.c:7147 +#3 do_syscall (cpu_env=<optimized out>, num=240, arg1=<optimized out>, arg2=<optimized out>, arg3=<optimized out>, arg4=0, arg5=-160342672, + arg6=-161181992, arg7=0, arg8=0) at /build/qemu-2.9.0/linux-user/syscall.c:11692 +#4 0x00005584f86f454a in cpu_loop (env=env@entry=0x5584fb3d04f8) at /build/qemu-2.9.0/linux-user/main.c:2676 +#5 0x00005584f86f5dd5 in clone_func (arg=0x7fff4d485c20) at /build/qemu-2.9.0/linux-user/syscall.c:6234 +#6 0x00007f08f05a46ba in start_thread (arg=0x7f08f1368700) at pthread_create.c:333 +#7 0x00007f08f02da3dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 + +and 1 thread with a stack trace like +#0 safe_syscall_base () at /build/qemu-2.9.0/linux-user/host/x86_64/safe-syscall.inc.S:75 +#1 0x00005584f86f4c48 in safe_futex (uaddr=<optimized out>, op=op@entry=0, val=val@entry=18875, timeout=<optimized out>, uaddr2=uaddr2@entry=0x0, + val3=val3@entry=-161180376) at /build/qemu-2.9.0/linux-user/syscall.c:921 +#2 0x00005584f870353b in do_futex (val3=-161180376, uaddr2=4135101768, timeout=0, val=<optimized out>, op=<optimized out>, uaddr=<optimized out>) + at /build/qemu-2.9.0/linux-user/syscall.c:7147 +#3 do_syscall (cpu_env=<optimized out>, num=240, arg1=<optimized out>, arg2=<optimized out>, arg3=<optimized out>, arg4=0, arg5=-159865528, + arg6=-161180376, arg7=0, arg8=0) at /build/qemu-2.9.0/linux-user/syscall.c:11692 +#4 0x00005584f86f454a in cpu_loop (env=0x5584fb3b99a8) at /build/qemu-2.9.0/linux-user/main.c:2676 +#5 0x00005584f86c12d3 in main (argc=<optimized out>, argv=0x7fff4d4878b8, envp=<optimized out>) + at /build/qemu-2.9.0/linux-user/main.c:4860 + +and 1 thread with a stack trace like +#0 syscall () at ../sysdeps/unix/sysv/linux/x86_64/syscall.S:38 +#1 0x00005584f876eab5 in qemu_futex_wait (val=<optimized out>, f=<optimized out>) at /build/qemu-2.9.0/include/qemu/futex.h:26 +#2 qemu_event_wait (ev=ev@entry=0x5584faa43d84 <rcu_call_ready_event>) at /build/qemu-2.9.0/util/qemu-thread-posix.c:399 +#3 0x00005584f87748ce in call_rcu_thread (opaque=<optimized out>) at /build/qemu-2.9.0/util/rcu.c:249 +#4 0x00007f08f05a46ba in start_thread (arg=0x7f08eff62700) at pthread_create.c:333 +#5 0x00007f08f02da3dd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:109 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1701974 b/results/classifier/deepseek-r1:32b/output/syscall/1701974 new file mode 100644 index 000000000..ea81509d9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1701974 @@ -0,0 +1,20 @@ + + + +pwrite does not work right under qemu-sh4 + +The pwrite system call has no effect when writing to a non-zero file position, in a program running under qemu-sh4 (version 2.9.0). + +How to reproduce: +- Compile the program: + sh4-linux-gnu-gcc-5 -O -Wall -static -o test-pwrite test-pwrite.c +- Set environment variable for using qemu-sh4 (actually not needed, since the program is statically linked here). +- ~/inst-qemu/2.9.0/bin/qemu-sh4 test-pwrite + +Expected output: +buf = 01W3456789 + +Actual output: +buf = 0123456789 +test-pwrite.c:56: assertion 'strcmp ("01W3456789",buf) == 0' failed +qemu: uncaught target signal 6 (Aborted) - core dumped \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1716292 b/results/classifier/deepseek-r1:32b/output/syscall/1716292 new file mode 100644 index 000000000..e0209f879 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1716292 @@ -0,0 +1,33 @@ + + + +User mode emulation returns wrong value for write(fd, NULL, 0) + +QEMU version: latest master (fcea73709b966a7ded9efa7b106ea50c7fe9025c) +OS version: Ubuntu 14.04.3 +Configured with: ../configure --target-list=x86_64-linux-user + +QEMU Linux usermode emulation does not handle write() syscalls with zero length and a null pointer correctly: on Linux this returns 0, but in emulation this returns -1. + +I ran into this while using an aarch64 abuild-tar from Alpine Linux in user-mode emulation; here's the minimized reproduction test case: + +zhuowei@zhuowei-tablet:/tmp$ cat writezerobytes.c +#include <stdio.h> +#include <unistd.h> +#include <fcntl.h> + +int main() { + ssize_t ret = write(STDOUT_FILENO, NULL, 0); + fprintf(stderr, "write returned %ld\n", ret); + return 0; +} +zhuowei@zhuowei-tablet:/tmp$ gcc -o writezerobytes writezerobytes.c +zhuowei@zhuowei-tablet:/tmp$ uname -a +Linux zhuowei-tablet 3.13.0-129-generic #178-Ubuntu SMP Fri Aug 11 12:48:20 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux +zhuowei@zhuowei-tablet:/tmp$ ./writezerobytes +write returned 0 +zhuowei@zhuowei-tablet:/tmp$ /media/zhuowei/redhd/docs/repos/qemu/build4/x86_64-linux-user/qemu-x86_64 ./writezerobytes +write returned -1 +zhuowei@zhuowei-tablet:/tmp$ /media/zhuowei/redhd/docs/repos/qemu/build4/x86_64-linux-user/qemu-x86_64 --version +qemu-x86_64 version 2.10.50 (v2.10.0-471-gfcea737-dirty) +Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1726394 b/results/classifier/deepseek-r1:32b/output/syscall/1726394 new file mode 100644 index 000000000..13658861b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1726394 @@ -0,0 +1,8 @@ + + + +Passes through prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, address) + +qemu-user passes through prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, address) unmodified, but the third argument is an address to a BPF filter, causing an EFAULT. Now, the filter is architecture-specifc, so you can't just rewrite the addresses, so the safest bet is to just return an error here. + +I guess you should just return EINVAL, but not sure. I'd really like something that can be identified, so seccomp errors can be ignored when it's not supported. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1728116 b/results/classifier/deepseek-r1:32b/output/syscall/1728116 new file mode 100644 index 000000000..b161a72f3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1728116 @@ -0,0 +1,50 @@ + + + +Empty /proc/self/auxv (linux-user) + +The userspace Linux API virtualization used to fake access to /proc/self/auxv, to provide meaningful data for the guest process. + +For newer qemu versions, this fails: The openat() is intercepted, but there's no content: /proc/self/auxv has length zero (i.e. reading from it returns 0 bytes). + +Good: + +$ x86_64-linux-user/qemu-x86_64 /usr/bin/cat /proc/self/auxv | wc -c +256 /proc/self/auxv + +Bad: + +$ x86_64-linux-user/qemu-x86_64 /usr/bin/cat /proc/self/auxv | wc -c +0 /proc/self/auxv + +This worked in 2.7.1, and fails in 2.10.1. + +This causes e.g. any procps-ng-based tool to segfault while reading from /proc/self/auxv in an endless loop (probably worth another bug report...) + +Doing a "git bisect" shows that this commit: https://github.com/qemu/qemu/commit/7c4ee5bcc introduced the problem. + +It might be a simple logic (subtraction in the wrong direction?) or sign-ness error: Adding some logging (to v2.10.1) + +diff --git a/linux-user/syscall.c b/linux-user/syscall.c +index 9b6364a..49285f9 100644 +--- a/linux-user/syscall.c ++++ b/linux-user/syscall.c +@@ -7469,6 +7469,9 @@ static int open_self_auxv(void *cpu_env, int fd) + abi_ulong len = ts->info->auxv_len; + char *ptr; + ++ gemu_log(TARGET_ABI_FMT_lu"\n", len); ++ gemu_log(TARGET_ABI_FMT_ld"\n", len); ++ + /* + * Auxiliary vector is stored in target process stack. + * read in whole auxv vector and copy it to file + +shows this output: + +$ x86_64-linux-user/qemu-x86_64 /usr/bin/cat /proc/self/auxv | wc -c +18446744073709551264 +-352 +0 + +And 352 could be the expected length. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1749393 b/results/classifier/deepseek-r1:32b/output/syscall/1749393 new file mode 100644 index 000000000..a2237f14e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1749393 @@ -0,0 +1,29 @@ + + + +sbrk() not working under qemu-user with a PIE-compiled binary? + +In Debian unstable, we recently switched bash to be a PIE-compiled binary (for hardening). Unfortunately this resulted in bash being broken when run under qemu-user (for all target architectures, host being amd64 for me). + +$ sudo chroot /srv/chroots/sid-i386/ qemu-i386-static /bin/bash +bash: xmalloc: .././shell.c:1709: cannot allocate 10 bytes (0 bytes allocated) + +bash has its own malloc implementation based on sbrk(): +https://git.savannah.gnu.org/cgit/bash.git/tree/lib/malloc/malloc.c + +When we disable this internal implementation and rely on glibc's malloc, then everything is fine. But it might be that glibc has a fallback when sbrk() is not working properly and it might hide the underlying problem in qemu-user. + +This issue has also been reported to the bash upstream author and he suggested that the issue might be in qemu-user so I'm opening a ticket here. Here's the discussion with the bash upstream author: +https://lists.gnu.org/archive/html/bug-bash/2018-02/threads.html#00080 + +You can find the problematic bash binary in that .deb file: +http://snapshot.debian.org/archive/debian/20180206T154716Z/pool/main/b/bash/bash_4.4.18-1_i386.deb + +The version of qemu I have been using is 2.11 (Debian package qemu-user-static version 1:2.11+dfsg-1) but I have had reports that the problem is reproducible with older versions (back to 2.8 at least). + +Here are the related Debian bug reports: +https://bugs.debian.org/889869 +https://bugs.debian.org/865599 + +It's worth noting that bash used to have this problem (when compiled as a PIE binary) even when run directly but then something got fixed in the kernel and now the problem only appears when run under qemu-user: +https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1518483 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1763536 b/results/classifier/deepseek-r1:32b/output/syscall/1763536 new file mode 100644 index 000000000..d18dcbccb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1763536 @@ -0,0 +1,86 @@ + + + +go build fails under qemu-ppc64le-static (qemu-user) + +I am using qemu-user (built static) in a docker container environment. When running multi-threaded go commands in the container (go build for example) the process may hang, report segfaults or other errors. I built qemu-ppc64le from the upstream git (master). + +I see the problem running on a multi core system with Intel i7 processors. +# cat /proc/cpuinfo | grep "model name" +model name : Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz +model name : Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz +model name : Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz +model name : Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz +model name : Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz +model name : Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz +model name : Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz +model name : Intel(R) Core(TM) i7-2760QM CPU @ 2.40GHz + +Steps to reproduce: +1) Build qemu-ppc64le as static and copy into docker build directory named it qemu-ppc64le-static. + +2) Add hello.go to docker build dir. + +package main +import "fmt" +func main() { + fmt.Println("hello world") +} + +3) Create the Dockerfile from below: + +FROM ppc64le/golang:1.10.1-alpine3. +COPY qemu-ppc64le-static /usr/bin/ +COPY hello.go /go + +4) Build container +$ docker build -t qemutest -f Dockerfile ./go + +5) Run test +$ docker run -it qemutest + +/go # /usr/bin/qemu-ppc64le-static --version +qemu-ppc64le version 2.11.93 (v2.12.0-rc3-dirty) +Copyright (c) 2003-2017 Fabrice Bellard and the QEMU Project developers + +/go # go version +go version go1.10.1 linux/ppc64le + +/go # go build hello.go +fatal error: fatal error: stopm holding locksunexpected signal during runtime execution + +panic during panic +[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x1003528c] + +runtime stack: +runtime: unexpected return pc for syscall.Syscall6 called from 0xc42007f500 +stack: frame={sp:0xc4203be840, fp:0xc4203be860} stack=[0x4000b7ecf0,0x4000b928f0) + +syscall.Syscall6(0x100744e8, 0x3d, 0xc42050c140, 0x20, 0x18, 0x10422b80, 0xc4203be968[signal , 0x10012d88SIGSEGV: segmentation violation, 0xc420594000 code=, 0x00x1 addr=0x0 pc=0x1003528c) +] + +runtime stack: + /usr/local/go/src/syscall/asm_linux_ppc64x.s:61runtime.throw(0x10472d19, 0x13) + + /usr/local/go/src/runtime/panic.go:0x6c616 +0x68 + + +runtime.stopm() + /usr/local/go/src/runtime/proc.go:1939goroutine +10x158 + [runtime.exitsyscall0semacquire(0xc42007f500) + /usr/local/go/src/runtime/proc.go:3129 +]: +0x130 +runtime.mcall(0xc42007f500) + /usr/local/go/src/runtime/asm_ppc64x.s:183 +0x58sync.runtime_Semacquire +(0xc4201fab1c) + /usr/local/go/src/runtime/sema.go:56 +0x38 + +---- +Note the results may differ between attempts, hangs and other faults sometimes happen. +---- +If I run "go: single threaded I don't see the problem, for example: + +/go # GOMAXPROCS=1 go build -p 1 hello.go +/go # ./hello +hello world + +I see the same issue with arm64. I don't think this is a go issue, but don't have a real evidence to prove that. This problem looks similar to other problem I have seen reported against qemu running multi-threaded applications. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1770 b/results/classifier/deepseek-r1:32b/output/syscall/1770 new file mode 100644 index 000000000..7ba477592 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1770 @@ -0,0 +1,25 @@ + + + +Wrong unpacked structure for epoll_event on qemu-or1k (openrisc) +Description of problem: +When using cmake automoc, the process will infinite loop waiting for epoll_events. +Steps to reproduce: +1. Try to compile cmake with qt5 support +2. The build process will freeze when "Automatic MOC" is invoked +Additional information: +The problem is that or1k has a "packed" epoll_event structure, so it should be also packed in target_epoll_event structure. +Following the (very trivial) patch: +``` +--- qemu-20230327/linux-user/syscall_defs.h.orig 2023-03-27 15:41:42.000000000 +0200 ++++ qemu-20230327/linux-user/syscall_defs.h 2023-06-30 17:29:39.034322213 +0200 +@@ -2714,7 +2709,7 @@ + #define FUTEX_CMD_MASK ~(FUTEX_PRIVATE_FLAG | FUTEX_CLOCK_REALTIME) + + #ifdef CONFIG_EPOLL +-#if defined(TARGET_X86_64) ++#if defined(TARGET_X86_64) || defined(TARGET_OPENRISC) + #define TARGET_EPOLL_PACKED QEMU_PACKED + #else + #define TARGET_EPOLL_PACKED +``` diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1776478 b/results/classifier/deepseek-r1:32b/output/syscall/1776478 new file mode 100644 index 000000000..ea670a053 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1776478 @@ -0,0 +1,49 @@ + + + +Getting qemu: uncaught target signal 6 when running lv2 plugin cross-compilation + +Hey, +I am part of the Zynthian team and we use qemu-arm-static to cross compile lv2 audio plugins. + +When running a compilation of DISTRHO-Ports we get: + +lv2_ttl_generator: pthread_mutex_lock.c:81: __pthread_mutex_lock: Assertion `mutex->__data.__owner == 0' failed. +qemu: uncaught target signal 6 (Aborted) - core dumped +./scripts/generate-ttl.sh: line 27: 16524 Aborted $GEN ./$FILE +Makefile:62: recipe for target 'gen_lv2' failed +make[1]: *** [gen_lv2] Error 134 +make[1]: Leaving directory '/home/pi/zynthian-sw/plugins/DISTRHO-Ports' +Makefile:104: recipe for target 'lv2' failed +make: *** [lv2] Error 2 + + +lv2_ttl_generator source is here: +https://github.com/DISTRHO/DISTRHO-Ports/tree/master/libs/lv2-ttl-generator + +The command that is ruining is +lv2_ttl_generator ./TAL-Filter-2.so + +And ./TAL-Filter-2.so source is here: +https://github.com/DISTRHO/DISTRHO-Ports/tree/master/ports/tal-filter-2/source + + + +Is there a way to debug what is going on? +This runs fine on a Raspberrypi which is armv7 + +A workaround would also help. + + +Bug in Zynthian: +https://github.com/zynthian/zynthian-sys/issues/59 +Bug in DISTRHO-Ports: +https://github.com/DISTRHO/DISTRHO-Ports/issues/29 + +Using qemu-arm-static version from master from two days ago: +qemu-arm version 2.12.50 (v2.12.0-1182-ga7a7309ca5-dirty), commit: a7a7309ca52c327c6603d60db90ae4feeae719f7 + +Also saw this in qemu-arm version 2.12.0 (Debian 1:2.12+dfsg-3) + +Thanks, +Guy \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1785203 b/results/classifier/deepseek-r1:32b/output/syscall/1785203 new file mode 100644 index 000000000..82e74066d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1785203 @@ -0,0 +1,46 @@ + + + +accel/tcg/translate-all.c:2511: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed. + +qemu-riscv64 version 2.12.93 crashes when mincore() is called with invalid pointer with the following message: + +qemu-riscv64: /opt/qemu/accel/tcg/translate-all.c:2511: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed. +qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x600014ef + +Testcase: + +#include <sys/mman.h> + +int main (void) +{ + unsigned char v; + return mincore ((void *) 0x00000010000000000, 1, &v); +} + +Backtrace: + +#0 raise (sig=sig@entry=6) at ../sysdeps/unix/sysv/linux/raise.c:50 +#1 0x000000006000140a in abort () at abort.c:79 +#2 0x00000000600012ec in __assert_fail_base ( + fmt=0x6024eae8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", + assertion=0x601b9758 "start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)", + file=0x601b9658 "/opt/qemu/accel/tcg/translate-all.c", line=2511, + function=0x601b9810 <__PRETTY_FUNCTION__.23867> "page_check_range") at assert.c:92 +#3 0x000000006010e10e in __assert_fail ( + assertion=assertion@entry=0x601b9758 "start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)", file=file@entry=0x601b9658 "/opt/qemu/accel/tcg/translate-all.c", line=line@entry=2511, + function=function@entry=0x601b9810 <__PRETTY_FUNCTION__.23867> "page_check_range") + at assert.c:101 +#4 0x000000006003e916 in page_check_range (start=start@entry=1099511627776, len=len@entry=1, + flags=flags@entry=1) at /opt/qemu/accel/tcg/translate-all.c:2511 +#5 0x0000000060057717 in access_ok (size=1, addr=1099511627776, type=0) + at /opt/qemu/linux-user/qemu.h:567 +#6 lock_user (copy=0, len=1, guest_addr=1099511627776, type=0) + at /opt/qemu/linux-user/qemu.h:567 +#7 do_syscall (cpu_env=cpu_env@entry=0x622fca28, num=232, arg1=1099511627776, arg2=1, + arg3=274886298751, arg4=0, arg5=274886298808, arg6=66518, arg7=0, arg8=0) + at /opt/qemu/linux-user/syscall.c:11635 +#8 0x0000000060066c5c in cpu_loop (env=env@entry=0x622fca28) + at /opt/qemu/linux-user/riscv/cpu_loop.c:55 +#9 0x0000000060002156 in main (argc=<optimized out>, argv=0x7fffffffed68, + envp=<optimized out>) at /opt/qemu/linux-user/main.c:819 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1791763 b/results/classifier/deepseek-r1:32b/output/syscall/1791763 new file mode 100644 index 000000000..75bb22faf --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1791763 @@ -0,0 +1,16 @@ + + + +broken signal handling in nios2 user-mode emulation + +This bug is against the 3.0 release. + +It appears that the signal handling parts of the nios2 user-mode emulation have never really been completed or tested. Some examples of failing tests from the GCC testsuite are gcc.dg/pr78185.c and gcc.dg/cleanup-10.c. + +Some problems I've identified and tried to fix with the attached patch are: + +- Code copied from the Linux kernel wasn't adjusted to differentiate between host and target data types and address spaces. + +- The sigaltstack() system call returns EINVAL because fields are listed in the wrong order in struct target_sigaltstack. + +With this patch, the system calls to set up the signal handler are returning successfully, but the handler isn't being invoked, so something is still wrong. I think I need another pair of eyes to look over this code. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1791796 b/results/classifier/deepseek-r1:32b/output/syscall/1791796 new file mode 100644 index 000000000..245df7766 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1791796 @@ -0,0 +1,126 @@ + + + +unimplemented thread syscalls in nios2 user-mode emulation + +This bug is reported against the 3.0 release. + +I noticed that the GCC test gcc.dg/torture/tls/tls-test.c is failing when run in user-mode qemu for nios2 target. The problem appears to be that the thread-related syscalls are unimplemented in qemu. Here is output from running with -strace: + +22484 brk(NULL) = 0x00005000 +22484 uname(0x7fffef5a) = 0 +22484 faccessat(AT_FDCWD,"/etc/ld.so.preload",R_OK,0x5) = -1 errno=2 (No such file or directory) +22484 openat(AT_FDCWD,"/scratch/sandra/nios2-linux-trunk3/obj/test-2018.11-999999-nios2-linux-gnu/host-x86_64-linux-gnu/sourceryg++-2018.11/nios2-linux-gnu/libc/./lib/./tls/libm.so.6",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = -1 errno=2 (No such file or directory) +22484 fstatat64(AT_FDCWD,"/scratch/sandra/nios2-linux-trunk3/obj/test-2018.11-999999-nios2-linux-gnu/host-x86_64-linux-gnu/sourceryg++-2018.11/nios2-linux-gnu/libc/./lib/./tls",0x7fffe870,0) = -1 errno=2 (No such file or directory) +22484 openat(AT_FDCWD,"/scratch/sandra/nios2-linux-trunk3/obj/test-2018.11-999999-nios2-linux-gnu/host-x86_64-linux-gnu/sourceryg++-2018.11/nios2-linux-gnu/libc/./lib/./libm.so.6",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3 +22484 read(3,0x7fffe954,512) = 512 +22484 fstat64(3,0x7fffe870) = 0 +22484 mmap2(NULL,803596,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE,3,0) = 0x7f716000 +22484 mmap2(0x7f7d8000,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0xc1) = 0x7f7d8000 +22484 close(3) = 0 +22484 openat(AT_FDCWD,"/scratch/sandra/nios2-linux-trunk3/obj/test-2018.11-999999-nios2-linux-gnu/host-x86_64-linux-gnu/sourceryg++-2018.11/nios2-linux-gnu/libc/./lib/./libpthread.so.0",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3 +22484 read(3,0x7fffe948,512) = 512 +22484 mmap2(NULL,8192,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS,-1,0) = 0x7f714000 +22484 fstat64(3,0x7fffe864) = 0 +22484 mmap2(NULL,120700,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE,3,0) = 0x7f6f6000 +22484 mprotect(0x7f70e000,4096,PROT_NONE) = 0 +22484 mmap2(0x7f70f000,12288,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0x18) = 0x7f70f000 +22484 mmap2(0x7f712000,6012,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x7f712000 +22484 close(3) = 0 +22484 openat(AT_FDCWD,"/scratch/sandra/nios2-linux-trunk3/obj/test-2018.11-999999-nios2-linux-gnu/host-x86_64-linux-gnu/sourceryg++-2018.11/nios2-linux-gnu/libc/./lib/./libc.so.6",O_RDONLY|O_LARGEFILE|O_CLOEXEC) = 3 +22484 read(3,0x7fffe93c,512) = 512 +22484 fstat64(3,0x7fffe858) = 0 +22484 mmap2(NULL,1491048,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE,3,0) = 0x7f589000 +22484 mmap2(0x7f6de000,86016,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0x154) = 0x7f6de000 +22484 mmap2(0x7f6f3000,8296,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x7f6f3000 +22484 close(3) = 0 +22484 mprotect(0x7f6de000,65536,PROT_READ) = 0 +22484 mprotect(0x7f70f000,8192,PROT_READ) = 0 +22484 mprotect(0x7f7d8000,4096,PROT_READ) = 0 +22484 mprotect(0x00003000,4096,PROT_READ) = 0 +22484 mprotect(0x7f7fc000,4096,PROT_READ) = 0 +22484 set_tid_address(2138131700,2147480980,2147480988,2147480988,87148,47) = 22484 +22484 set_robust_list(2138131708,12,2147480988,0,87148,47) = -1 errno=38 (Function not implemented) +22484 rt_sigaction(32,0x7ffff36c,NULL) = 0 +22484 rt_sigaction(33,0x7ffff36c,NULL) = -1 errno=22 (Invalid argument) +22484 rt_sigprocmask(SIG_UNBLOCK,0x7ffff4a8,NULL) = 0 +22484 getrlimit(3,2147480732,3,0,62512,47) = 0 +22484 mmap2(NULL,8392704,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS|0x20000,-1,0) = 0x7ed88000 +22484 mprotect(0x7ed89000,8388608,PROT_READ|PROT_WRITE) = 0 +22484 brk(NULL) = 0x00005000 +22484 brk(0x00026000) = 0x00026000 +22484 clone(CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,child_stack=0x7f588018,parent_tidptr=0x7f5884fc,tls=0x7f58f928,child_tidptr=0x7f5884fc) = 22503 +22484 io_setup(4001536,2136506392,2136507644,2136507644,2136537384,4100) = -1 errno=38 (Function not implemented) +22484 futex(0x7f5884fc,FUTEX_WAIT,22503,NULL,NULL,0)22484 set_robust_list(2136507652,12,0,4100,2136508076,4100) = -1 errno=38 (Function not implemented) +22484 madvise(2128117760,8372224,4,2136507672,528660,4100) = 0 +22484 exit(0) + = 0 +22484 fstat64(1,0x7fffef48) = 0 +22484 write(1,0x51e8,42)FAIL: a= 10, thr_a = 10 Addr = 0x7f715120 + = 42 +22484 exit_group(1) +sandra@build2-trusty-cs:/scratch/sandra/nios2-linux-trunk3$ +22484 mmap2(NULL,1491048,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE,3,0) = 0x7f589000 +22484 mmap2(0x7f6de000,86016,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0x154) = 0x7f6de000 +22484 mmap2(0x7f6f3000,8296,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x7f6f3000 +22484 close(3) = 0 +22484 mprotect(0x7f6de000,65536,PROT_READ) = 0 +22484 mprotect(0x7f70f000,8192,PROT_READ) = 0 +22484 mprotect(0x7f7d8000,4096,PROT_READ) = 0 +22484 mprotect(0x00003000,4096,PROT_READ) = 0 +22484 mprotect(0x7f7fc000,4096,PROT_READ) = 0 +22484 set_tid_address(2138131700,2147480980,2147480988,2147480988,87148,47) = 22484 +22484 set_robust_list(2138131708,12,2147480988,0,87148,47) = -1 errno=38 (Function not implemented) +22484 rt_sigaction(32,0x7ffff36c,NULL) = 0 +22484 rt_sigaction(33,0x7ffff36c,NULL) = -1 errno=22 (Invalid argument) +22484 rt_sigprocmask(SIG_UNBLOCK,0x7ffff4a8,NULL) = 0 +22484 getrlimit(3,2147480732,3,0,62512,47) = 0 +22484 mmap2(NULL,8392704,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS|0x20000,-1,0) = 0x7ed88000 +22484 mprotect(0x7ed89000,8388608,PROT_READ|PROT_WRITE) = 0 +22484 brk(NULL) = 0x00005000 +22484 brk(0x00026000) = 0x00026000 +22484 clone(CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,child_stack=0x7f588018,parent_tidptr=0x7f5884fc,tls=0x7f58f928,child_tidptr=0x7f5884fc) = 22503 +22484 io_setup(4001536,2136506392,2136507644,2136507644,2136537384,4100) = -1 errno=38 (Function not implemented) +22484 futex(0x7f5884fc,FUTEX_WAIT,22503,NULL,NULL,0)22484 set_robust_list(2136507652,12,0,4100,2136508076,4100) = -1 errno=38 (Function not implemented) +22484 madvise(2128117760,8372224,4,2136507672,528660,4100) = 0 +22484 exit(0) + = 0 +22484 fstat64(1,0x7fffef48) = 0 +22484 write(1,0x51e8,42)FAIL: a= 10, thr_a = 10 Addr = 0x7f715120 + = 42 +22484 exit_group(1) +sandra@build2-trusty-cs:/scratch/sandra/nios2-linux-trunk3$ +22484 mmap2(NULL,1491048,PROT_EXEC|PROT_READ,MAP_PRIVATE|MAP_DENYWRITE,3,0) = 0x7f589000 +22484 mmap2(0x7f6de000,86016,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_DENYWRITE|MAP_FIXED,3,0x154) = 0x7f6de000 +22484 mmap2(0x7f6f3000,8296,PROT_READ|PROT_WRITE,MAP_PRIVATE|MAP_ANONYMOUS|MAP_FIXED,-1,0) = 0x7f6f3000 +22484 close(3) = 0 +22484 mprotect(0x7f6de000,65536,PROT_READ) = 0 +22484 mprotect(0x7f70f000,8192,PROT_READ) = 0 +22484 mprotect(0x7f7d8000,4096,PROT_READ) = 0 +22484 mprotect(0x00003000,4096,PROT_READ) = 0 +22484 mprotect(0x7f7fc000,4096,PROT_READ) = 0 +22484 set_tid_address(2138131700,2147480980,2147480988,2147480988,87148,47) = 22484 +22484 set_robust_list(2138131708,12,2147480988,0,87148,47) = -1 errno=38 (Function not implemented) +22484 rt_sigaction(32,0x7ffff36c,NULL) = 0 +22484 rt_sigaction(33,0x7ffff36c,NULL) = -1 errno=22 (Invalid argument) +22484 rt_sigprocmask(SIG_UNBLOCK,0x7ffff4a8,NULL) = 0 +22484 getrlimit(3,2147480732,3,0,62512,47) = 0 +22484 mmap2(NULL,8392704,PROT_NONE,MAP_PRIVATE|MAP_ANONYMOUS|0x20000,-1,0) = 0x7ed88000 +22484 mprotect(0x7ed89000,8388608,PROT_READ|PROT_WRITE) = 0 +22484 brk(NULL) = 0x00005000 +22484 brk(0x00026000) = 0x00026000 +22484 clone(CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID,child_stack=0x7f588018,parent_tidptr=0x7f5884fc,tls=0x7f58f928,child_tidptr=0x7f5884fc) = 22503 +22484 io_setup(4001536,2136506392,2136507644,2136507644,2136537384,4100) = -1 errno=38 (Function not implemented) +22484 futex(0x7f5884fc,FUTEX_WAIT,22503,NULL,NULL,0)22484 set_robust_list(2136507652,12,0,4100,2136508076,4100) = -1 errno=38 (Function not implemented) +22484 madvise(2128117760,8372224,4,2136507672,528660,4100) = 0 +22484 exit(0) + = 0 +22484 fstat64(1,0x7fffef48) = 0 +22484 write(1,0x51e8,42)FAIL: a= 10, thr_a = 10 Addr = 0x7f715120 + = 42 +22484 exit_group(1) + +Note that set_robust_list and clone are reported as unimplemented. + +I've reported the problems with the signal syscalls separately here. +https://bugs.launchpad.net/qemu/+bug/1791763 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1813307 b/results/classifier/deepseek-r1:32b/output/syscall/1813307 new file mode 100644 index 000000000..f2902e8bd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1813307 @@ -0,0 +1,24 @@ + + + +util/path.c/follow_path() does not handle "/" well + +Hello, + +I noticed that qemu does not handle "/" very well in follow_path(). + +Specifically, I was trying to run gdbserver under qemu, and it failed inside its implementation of __getcwd. + +Indeed it does something like + if (__lstat ("/", &st) < 0) +..... +and then loops from current dir toward the top using lstat("..") + +On qemu side, lstat forwards the request to follow_path() in util/path.c, and when passed "/", it returns the path in QEMU_LD_PREFIX (which was the top of my sysroot). +OTHT, the series of lstat("..") finally reaches the real device root because it's not recognized as "/" in follow_path(), so this is inconsistent and __getcwd fails. + +I suppose there's a good reason for returning QEMU_LD_PREFIX when asking for "/", but why is it so? + +If there's no good reason, maybe the behaviour could be changed to map "/" to "/" ? + +Thanks \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1821006 b/results/classifier/deepseek-r1:32b/output/syscall/1821006 new file mode 100644 index 000000000..40f085527 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1821006 @@ -0,0 +1,38 @@ + + + +qemu: Unsupported syscall: 382 + +I used + +qemu-user-static/stable,stable,now 1:2.8+dfsg-6+deb9u5 amd64 [installed] + +When I try to build an image of a docker for an arm, an error occurs. + +This affects the operation of applications. + + +Dockerfile + +ARG ARCH +FROM ${ARCH}/debian:buster-slim + +RUN \ + printf "Install dependencies...\n" && \ + apt-get update && \ + apt-get install -y --no-install-recommends ca-certificates curl + +RUN curl https://google.com + +EOF + +The command that I run + +docker build --build-arg ARCH=arm32v7 --file ./Dockerfile -t test . + + +root@unit6:/lib/binfmt.d# cat qemu-arm-static.conf +:qemu-arm:M::\x7fELF\x01\x01\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x28\x00:\xff\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\x00\x00\x00\x00\x00\xfe\xff\xff\xff:/usr/bin/qemu-arm-static:F + +Here is a related discussion. +https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923479 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1857811 b/results/classifier/deepseek-r1:32b/output/syscall/1857811 new file mode 100644 index 000000000..929d55838 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1857811 @@ -0,0 +1,10 @@ + + + +qemu user static binary seems to lack support for network namespace. + +Whenever I execute emerge in gentoo linux in qemu-aarch64 chroot, I see the following error message. + +Unable to configure loopback interface: Operation not supported + +If I disable emerge's network-sandbox which utilizes network namespace, the error disappears. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1858461 b/results/classifier/deepseek-r1:32b/output/syscall/1858461 new file mode 100644 index 000000000..c23f0f8d9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1858461 @@ -0,0 +1,26 @@ + + + +Please refactor linux-user/mips/cpu_loop.c + +Hello. I am working with qemu on test images. I've added a new syscall (436) to qemu but received ENOSYS from mips application. + +Please open "linux-user/mips/cpu_loop.c". I've added at the end of "mips_syscall_args" the following: + +``` +MIPS_SYS(sys_getdents64_x32, 3) +``` + +But + +``` +syscall_num = env->active_tc.gpr[2] - 4000; +if (syscall_num >= sizeof(mips_syscall_args)) { + ret = -TARGET_ENOSYS; +``` + +returns -TARGET_ENOSYS + +We can see that "linux-user/mips/cpu_loop.c" differs a lot from "linux-user/arm/cpu_loop.c". Arm has it's own "ARM_NR_BASE" and etc. + +Can you please refactor mips cpu loop in the same way as arm? Thank you. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1860053 b/results/classifier/deepseek-r1:32b/output/syscall/1860053 new file mode 100644 index 000000000..f7ec248b3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1860053 @@ -0,0 +1,23 @@ + + + +Possible lack of precision when calling clock_gettime via vDSO on user mode ppc64le + +Occurs on QEMU v4.2.0 run on docker (via the qemu-user-static:v4.2.0-2 image) on an AMD64 Ubuntu 18.04.3 LTS machine provided by travis-ci.org. + +From golang's https://github.com/golang/go/issues/36592: + +It was discovered that golang's time.NewTicker() and time.Sleep() malfunction when a compiled application was run via QEMU's ppc64le emulator in user mode. + +The methods did not malfunction on actual PowerPC hardware or when the same golang application was compiled for golang's arm, arm64 or 386 targets and was run via user mode QEMU on the same system. + +Curiously, the methods also worked when the program was compiled under go 1.11, but do malfunction in go 1.12 and 1.13. + +It was identified the change in behaviour was most likely attributable to golang switching to using vSDO for calling clock_gettime() on PowerPC 64 architectures in 1.12. I.E: +https://github.com/golang/go/commit/dbd8af74723d2c98cbdcc70f7e2801f69b57ac5b + +We therefore suspect there may be a bug in QEMU's user-mode emulation of ppc64le as relates to vDSO calls to clock_gettime(). + +The nature of the malfunction of time.NewTicker() and time.Sleep() is such that sleeps or ticks with a granularity of less than one second do not appear to be possible (they all revert to 1 second sleeps/ticks). Could it be that the nanoseconds field of clock_gettime() is getting lost in the vDSO version but not in the syscall? Or some other issue calling these methods via vDSO? + +Thanks in advance. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1861341 b/results/classifier/deepseek-r1:32b/output/syscall/1861341 new file mode 100644 index 000000000..d39d7f69d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1861341 @@ -0,0 +1,33 @@ + + + +ARM QEMU: Unknown syscall 397 + +QEMU is reporting + +``` +Unknown syscall 397 +``` + +(statx if I read tables right) when used via flatpak for ARM images on x86_64. This has been reproduced on Fedora and Gentoo. + +To reproduce: + +- get flatpak KDE 5.12 for arm: + +flatpak install --user org.kde.Sdk/arm/5.12 org.kde.Platform/arm/5.12 + + +- run qmake inside Sdk: + +QEMU_STRACE=1 flatpak run --filesystem=host --command=qmake org.kde.Sdk/arm/5.12 . + + +You will get a host of messages with unknown syscall. In practice, qmake will fail to find .pro files if you have them in that folder and libraries in the system. + +As far as I understand, Flatpak images are built on AARCH64 hardware. + +My config on Gentoo: + +kernel: 4.19.86-gentoo x86_64 +app-emulation/qemu: ~4.2.0-r1 , same with 4.0.0 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1876373 b/results/classifier/deepseek-r1:32b/output/syscall/1876373 new file mode 100644 index 000000000..97bedb20d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1876373 @@ -0,0 +1,51 @@ + + + +segfault mremap 4096 + +a qemu-hosted process segfaults when the program calls mremap to shrink the size of a buffer to 4096 that was allocated with mmap. See below for a C program to reproduce this issue. I was able to compile this program for both i386 and 32-bit arm, and use qemu-i386 and qemu-arm to reproduce the segfault. If I run the i386 program natively on my x86_64 system, no segfault occurs. Also note that if I change the mremap size to something else such as 12288, no segfault occurs. I also confirmed using qemu's -singlestep debug option that the segfault occurs during the mremap syscall. + +If you save the source below to mremapbug.c, the following should reproduce the issue given you have gcc-multilib: + +gcc -m32 mremapbug.c +# works +./a.out +# segfault +qemu-i386 a.out + +If you can also compile to arm, the same thing happens when running "qemu-arm a.out". I also tried compiling natively and running "qemu-x86_64 a.out" but no segfault in that case, not sure if it's because it is 64-bits or if it was because it was my native target. + + +#define _GNU_SOURCE +#include <stdlib.h> +#include <stdio.h> +#include <sys/mman.h> + +int main(int argc, char *argv[]) +{ + const size_t initial_size = 8192; + + printf("calling mmap, size=%llu\n", (unsigned long long)initial_size); + void *mmap_ptr = mmap(NULL, initial_size, + PROT_READ | PROT_WRITE , + MAP_PRIVATE | MAP_ANONYMOUS, + -1, 0); + printf("mmap returned : %p\n", mmap_ptr); + if (mmap_ptr == MAP_FAILED) { + perror("mmap"); + exit(1); + } + + const size_t new_size = 4096; + printf("calling mremap, size=%llu\n", (unsigned long long)new_size); + void *remap_ptr = mremap(mmap_ptr, initial_size, new_size, 0); + printf("mremap returned: %p\n", remap_ptr); + if (remap_ptr != mmap_ptr) { + perror("mreamap"); + exit(1); + } + printf("Success: pointers match\n"); +} + + +This issue was found while I was pushing code that calls "mremap" to the Zig compiler repository, it's CI testing uses qemu-i386 and qemu-arm to run tests for non-native hosts. I've filed an issue in that repository as well with details on how to reproduce this issue with the Zig compiler as well: https://github.com/ziglang/zig/issues/5245 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1884719 b/results/classifier/deepseek-r1:32b/output/syscall/1884719 new file mode 100644 index 000000000..58e4b5956 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1884719 @@ -0,0 +1,135 @@ + + + +Function not implemented when using libaio + +Hello + +I experience "Function not implemented" errors when trying to use Linux libaio library in foreign architecture, e.g. aarch64. + +I've faced this problem while using https://github.com/multiarch/qemu-user-static, i.e. Docker+QEMU. +I understand that I do not use plain QEMU and you may count this report as a "distribution of QEMU"! Just let me know what are the steps to test it with plain QEMU and I will test and update this ticket! + + +Here are the steps to reproduce the issue: + +1) On x86_64 machine register QEMU: + + `docker run -it --rm --privileged multiarch/qemu-user-static --reset --credential yes --persistent yes` + +2) Start a Docker image with foreign CPU architecture, e.g. aarch64 + + `docker run -it arm64v8/centos:8 bash` + +3) Inside the Docker container install GCC and libaio + + `yum install gcc libaio libaio-devel` + +4) Compile the following C program + +``` +#include <stdio.h> +#include <errno.h> +#include <libaio.h> +#include <stdlib.h> + +struct io_control { + io_context_t ioContext; +}; + +int main() { + int queueSize = 10; + + struct io_control * theControl = (struct io_control *) malloc(sizeof(struct io_control)); + if (theControl == NULL) { + printf("theControl is NULL"); + return 123; + } + + int res = io_queue_init(queueSize, &theControl->ioContext); + io_queue_release(theControl->ioContext); + free(theControl); + printf("res is: %d", res); +} +``` + + ``` + cat > test.c + [PASTE THE CODE ABOVE HERE] + ^D + ``` + + `gcc test.c -o out -laio && ./out` + + +When executed directly on aarch64 machine (i.e. without emulation) or on x86_64 Docker image (e.g. centos:8) it prints `res is: 0`, i.e. it successfully initialized a LibAIO queue. + +But when executed on Docker image with foreign/emulated CPU architecture it prints `res is: -38` (ENOSYS). `man io_queue_init` says that error ENOSYS is returned when "Not implemented." + +Environment: + +QEMU version: 5.0.0.2 (https://github.com/multiarch/qemu-user-static/blob/master/.travis.yml#L24-L28) +Container application: Docker +Output of `docker --version`: + +``` +Client: + Version: 19.03.8 + API version: 1.40 + Go version: go1.13.8 + Git commit: afacb8b7f0 + Built: Wed Mar 11 23:42:35 2020 + OS/Arch: linux/amd64 + Experimental: false + +Server: + Engine: + Version: 19.03.8 + API version: 1.40 (minimum version 1.12) + Go version: go1.13.8 + Git commit: afacb8b7f0 + Built: Wed Mar 11 22:48:33 2020 + OS/Arch: linux/amd64 + Experimental: false + containerd: + Version: 1.3.3-0ubuntu2 + GitCommit: + runc: + Version: spec: 1.0.1-dev + GitCommit: + docker-init: + Version: 0.18.0 + GitCommit: +``` + +Same happens with Ubuntu (arm64v8/ubuntu:focal). + +I've tried to `strace` it but : + +``` +/usr/bin/strace: ptrace(PTRACE_TRACEME, ...): Function not implemented +/usr/bin/strace: PTRACE_SETOPTIONS: Function not implemented +/usr/bin/strace: detach: waitpid(112): No child processes +/usr/bin/strace: Process 112 detached +``` + +Here are the steps to reproduce the problem with strace: + + ``` + docker run --rm -it --security-opt seccomp:unconfined --security-opt apparmor:unconfined --privileged --cap-add ALL arm64v8/centos:8 bash + + yum install -y strace` + + strace echo Test + ``` + +Note: I used --privileged, disabled seccomp and apparmor, and added all capabilities + +Disabling security solves the "Permission denied" problem but then comes the "Not implemented" one. + + +Any idea what could be the problem and how to work it around ? +I've googled a lot but I wasn't able to find any problems related to libaio on QEMU. + +Thank you! +Martin \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1893010 b/results/classifier/deepseek-r1:32b/output/syscall/1893010 new file mode 100644 index 000000000..c7204a9fc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1893010 @@ -0,0 +1,8 @@ + + + +qemu linux-user doesn't support OFD fcntl locks + +"Open file description locks (non-POSIX)", as they are described in fcntl(2) man page, aren't supported by qemu-user and attempting to use those results in EINVAL. I'm on Gentoo with latest QEMU version currently available (5.0.0-r2), and trying to emulate ppc64 and s390x on x86_64. + +Looking at linux-user/syscall.c, I'm guessing the issue is in (at least) `target_to_host_fcntl_cmd` where switch reaches the default clause as there're no cases for F_OFD_SETLK / F_OFD_SETLKW / F_OFD_GETLK. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1894361 b/results/classifier/deepseek-r1:32b/output/syscall/1894361 new file mode 100644 index 000000000..2f0619424 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1894361 @@ -0,0 +1,8 @@ + + + +linux-user: syscall.c lacks pselect6_time64 + +in commit 50efc69586388a975c1ebd90cb8cc8e4a7328bc4 legacy pselect6 definition +for riscv32 was removed in favour of pselect6_time64, but pselect6_time64 is +not available in syscall.c, thus leaving riscv32 without pselect syscall. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1906193 b/results/classifier/deepseek-r1:32b/output/syscall/1906193 new file mode 100644 index 000000000..3d8af2070 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1906193 @@ -0,0 +1,60 @@ + + + +riscv32 user mode emulation: fork return values broken + +When running in a chroot with riscv32 (on x86_64; qemu git master as of today): + +The following short program forks; the child immediately returns with exit(42). The parent checks for the return value - and obtains 40! + +gcc-10.2 + +=============================================== +#include <stdlib.h> +#include <unistd.h> +#include <stdio.h> +#include <sys/wait.h> + +main(c, v) + int c; + char **v; +{ + pid_t pid, p; + int s, i, n; + + s = 0; + pid = fork(); + if (pid == 0) + exit(42); + + /* wait for the process */ + p = wait(&s); + if (p != pid) + exit (255); + + if (WIFEXITED(s)) + { + int r=WEXITSTATUS(s); + if (r!=42) { + printf("child wants to return %i (0x%X), parent received %i (0x%X), difference %i\n",42,42,r,r,r-42); + } + } +} +=============================================== + +(riscv-ilp32 chroot) farino /tmp # ./wait-test-short +child wants to return 42 (0x2A), parent received 40 (0x28), difference -2 + +=============================================== +(riscv-ilp32 chroot) farino /tmp # gcc --version +gcc (Gentoo 10.2.0-r1 p2) 10.2.0 +Copyright (C) 2020 Free Software Foundation, Inc. +Dies ist freie Software; die Kopierbedingungen stehen in den Quellen. Es +gibt KEINE Garantie; auch nicht für MARKTGÄNGIGKEIT oder FÜR SPEZIELLE ZWECKE. + +(riscv-ilp32 chroot) farino /tmp # ld --version +GNU ld (Gentoo 2.34 p6) 2.34.0 +Copyright (C) 2020 Free Software Foundation, Inc. +This program is free software; you may redistribute it under the terms of +the GNU General Public License version 3 or (at your option) a later version. +This program has absolutely no warranty. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/1926996 b/results/classifier/deepseek-r1:32b/output/syscall/1926996 new file mode 100644 index 000000000..677818f55 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/1926996 @@ -0,0 +1,23 @@ + + + +qemu-user clone syscall fails + +qemu-user fails to emulate clone() (https://linux.die.net/man/2/clone). The architecture doesn't seem to matter, tho I've mostly been testing aarch64. + +Attached is clone_test.c that demonstrates the problem. Running it natively looks like this: +$ bin/clone_test +The variable was 9 +clone returned 4177: 0 Success +The variable is now 42 + + +However, running it via qemu looks like: +$ qemu-aarch64-static --version +qemu-aarch64 version 5.2.0 (v5.2.0) +Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers + +$ qemu-aarch64-static ./clone_test +The variable was 9 +clone returned -1: 22 Invalid argument +The variable is now 9 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/output/syscall/2112 b/results/classifier/deepseek-r1:32b/output/syscall/2112 new file mode 100644 index 000000000..bc4154860 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/2112 @@ -0,0 +1,29 @@ + + + +Limited Support for MIPS clone syscall in QEMU User Mode +Description of problem: +Hello, + +I have been working with QEMU user mode to run programs based on the MIPS architecture and have encountered a limitation regarding the support for the MIPS clone syscall in the current implementation of QEMU user mode. Specifically, when invoking the clone syscall with certain flags, it results in the error "errno=22 (Invalid argument)" due to the absence of corresponding handling code in QEMU. + +Upon further investigation, I pinpointed the probable cause. QEMU user mode appears to check if the flags for the clone syscall include all the flags defined in CLONE_THREAD_FLAGS. If there is a mismatch, it returns "-TARGET_EINVAL". + +[source code](https://gitlab.com/qemu-project/qemu/-/blob/master/linux-user/syscall.c?ref_type=heads#L6564) + +The current CLONE_THREAD_FLAGS in QEMU are set to include: (CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND | CLONE_THREAD | CLONE_SYSVSEM). + +However, in my MIPS program, the flags are only: (CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND). + +Aligning my MIPS program to include all the flags as per CLONE_THREAD_FLAGS alters the clone syscall's behavior, deviating from the original semantics required by my MIPS program. + +I am seeking guidance on whether there is a way in QEMU user mode's MIPS syscall handling to exclusively use the flags (CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND). Alternatively, I am interested in any possible approach to enable support for the MIPS architecture's clone syscall in QEMU user mode. + +Thank you for your time and assistance. +Steps to reproduce: +1. Write a C program that utilizes the clone function, specifying the flags as: CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND. + +strace output: +``` +clone(CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND,child_stack=0x009359a8,parent_tidptr=0x00000f00,tls=0x00000003,child_tidptr=0x2b36d510) = -1 errno=22 (Invalid argument) +``` diff --git a/results/classifier/deepseek-r1:32b/output/syscall/2123 b/results/classifier/deepseek-r1:32b/output/syscall/2123 new file mode 100644 index 000000000..ec7f9aaa9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/2123 @@ -0,0 +1,34 @@ + + + +Invalid subprocess commands spawns successfully when running under QEMU +Description of problem: +When executing a subprocess from with a non-existing command EQMU still spawns a process. + +Consider this small rust program for instance: +```rust +use std::process::Command; + +fn main() { + match Command::new("thisdoesnotexist").spawn() { + Ok(child) => { + println!("Child process id is {}", child.id()); + } + Err(_) => { + println!("This should happen"); + } + } +} +``` + +**Executing with `qemu-aarch64`:** +```shell +qemu-aarch64 ./rust-app +Child process id is 20182 +``` + +**Executing regularly:** +```shell +./rust-app +This should happen +``` diff --git a/results/classifier/deepseek-r1:32b/output/syscall/2168 b/results/classifier/deepseek-r1:32b/output/syscall/2168 new file mode 100644 index 000000000..374e0a3b0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/2168 @@ -0,0 +1,35 @@ + + + +qemu-x86_64: segfault when running grep on arm64 host +Description of problem: +An internal segmentation fault occurs when attempting to run `grep` in a Gentoo stage3 chroot +Steps to reproduce: +1. Unpack an x86_64 chroot environment (easiest way is using one of Gentoo's stage3s from https://get.gentoo.org) +2. Run `qemu-x86_64 -L /path/to/x86_64/chroot /path/to/x86_64/chroot/bin/grep` +Additional information: +It seems this only occurs in 8.x.x, 7.x.x does not have this segfault. + +Output: +``` +# qemu-x86_64 -L /bugs/grep-sandbox /bugs/grep-sandbox/bin/grep +qemu-x86_64: QEMU internal SIGSEGV {code=MAPERR, addr=0x20} +Segmentation fault +``` + +GDB bt: +``` +(gdb) bt +#0 open_self_maps_2 (opaque=0xffffffffd0b0, guest_start=18446744073699065856, guest_end=<optimized out>, flags=12) at ../linux-user/syscall.c:8089 +#1 0x000000000048539c in walk_memory_regions (priv=priv@entry=0xffffffffd0b0, fn=fn@entry=0x4a13e4 <open_self_maps_2>) at ../accel/tcg/user-exec.c:176 +#2 0x00000000004a20bc in open_self_maps_1 (smaps=false, fd=3, env=<optimized out>) at ../linux-user/syscall.c:8112 +#3 open_self_maps (cpu_env=<optimized out>, fd=3) at ../linux-user/syscall.c:8122 +#4 0x00000000004aaa00 in do_guest_openat (cpu_env=cpu_env@entry=0x862050, dirfd=dirfd@entry=-100, fname=fname@entry=0x5555555776f1 "/proc/self/maps", flags=0, mode=mode@entry=0, safe=safe@entry=true) + at ../linux-user/syscall.c:8381 +#5 0x00000000004b0cc4 in do_syscall1 (cpu_env=cpu_env@entry=0x862050, num=num@entry=257, arg1=arg1@entry=4294967196, arg2=arg2@entry=93824992376561, arg3=arg3@entry=0, arg4=arg4@entry=0, + arg5=arg5@entry=93824992373306, arg6=arg6@entry=0, arg8=0, arg7=0) at ../linux-user/syscall.c:9075 +#6 0x00000000004b2770 in do_syscall (cpu_env=cpu_env@entry=0x862050, num=257, arg1=4294967196, arg2=93824992376561, arg3=0, arg4=0, arg5=93824992373306, arg6=0, arg7=arg7@entry=0, arg8=arg8@entry=0) + at ../linux-user/syscall.c:13658 +#7 0x0000000000404fdc in cpu_loop (env=env@entry=0x862050) at ../linux-user/x86_64/../i386/cpu_loop.c:242 +#8 0x0000000000400d7c in main (argc=4, argv=0xffffffffed48, envp=<optimized out>) at ../linux-user/main.c:1014 +``` diff --git a/results/classifier/deepseek-r1:32b/output/syscall/2170 b/results/classifier/deepseek-r1:32b/output/syscall/2170 new file mode 100644 index 000000000..a82ba2bbc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/2170 @@ -0,0 +1,47 @@ + + + +qemu-x86_64 crashes when the application calls pthread_getattr_np() +Description of problem: +QEMU user emulation crashes with this program: +``` +#define _GNU_SOURCE +#include <stdio.h> +#include <pthread.h> + +int main() +{ + pthread_attr_t attr; + int error = pthread_getattr_np(pthread_self(), &attr); + + printf("%d\n", error); + return 0; +} +``` +Steps to reproduce: +1. Compile the program above +2. Run QEMU +Additional information: +QEMU crashes with: +``` +qemu-x86_64: QEMU internal SIGSEGV {code=MAPERR, addr=0x20} +Segmentation fault (core dumped) + +``` + +In gdb I get this backtrace: +``` +#0 0x0000555555627d6d in open_self_maps_2 (opaque=0x7fffffffc020, guest_start=18446744073699065856, guest_end=<optimized out>, flags=12) at ../linux-user/syscall.c:8089 +#1 0x000055555560ce67 in walk_memory_regions (priv=priv@entry=0x7fffffffc020, fn=fn@entry=0x555555627d30 <open_self_maps_2>) at ../accel/tcg/user-exec.c:176 +#2 0x0000555555628b3a in open_self_maps_1 (smaps=<optimized out>, fd=<optimized out>, env=<optimized out>) at ../linux-user/syscall.c:8112 +#3 open_self_maps (cpu_env=<optimized out>, fd=3) at ../linux-user/syscall.c:8122 +#4 0x0000555555631e24 in do_guest_openat (cpu_env=cpu_env@entry=0x55555583ae20, dirfd=dirfd@entry=-100, fname=fname@entry=0x2aaaab496eb4 "/proc/self/maps", flags=524288, mode=mode@entry=0, safe=safe@entry=true) at ../linux-user/syscall.c:8381 +#5 0x0000555555638f71 in do_syscall1 (cpu_env=cpu_env@entry=0x55555583ae20, num=num@entry=257, arg1=arg1@entry=4294967196, arg2=arg2@entry=46912506523316, arg3=arg3@entry=524288, arg4=arg4@entry=0, arg5=<optimized out>, arg6=<optimized out>, arg8=0, arg7=0) at ../linux-user/syscall.c:9075 +#6 0x000055555563b659 in do_syscall (cpu_env=cpu_env@entry=0x55555583ae20, num=257, arg1=4294967196, arg2=46912506523316, arg3=524288, arg4=0, arg5=8, arg6=1, arg7=0, arg8=0) at ../linux-user/syscall.c:13658 +#7 0x000055555558db19 in cpu_loop (env=env@entry=0x55555583ae20) at ../linux-user/x86_64/../i386/cpu_loop.c:242 +#8 0x00005555555898d8 in main (argc=<optimized out>, argv=0x7fffffffdd38, envp=<optimized out>) at ../linux-user/main.c:1012 + +``` + +This bug was introduced in the rewrite of `open_self_maps` in 7b7a3366e142d3baeb3fd1d3660a50e7956c19eb. +The current master (5767815218efd3cbfd409505ed824d5f356044ae) is still affected. diff --git a/results/classifier/deepseek-r1:32b/output/syscall/2197 b/results/classifier/deepseek-r1:32b/output/syscall/2197 new file mode 100644 index 000000000..08119aaf3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/2197 @@ -0,0 +1,61 @@ + + + +qemu user space emulator handles syscall `setsockopt()` with `optlen=0` incorrectly +Description of problem: +Note that despite I have only tested with the parameters/environments above, this problem probably **affects ALL architectures on Linux**. + +When user program calls `setsockopt(fd, SOL_ALG, ALG_SET_KEY, NULL, 0)`, qemu intercepts the syscall and returns `-1` with `errno = ENOMEM`, which should have completed successfully returning zero. +Steps to reproduce: +1. compile this code to binary executable: +```c +#include <unistd.h> +#include <sys/types.h> +#include <sys/socket.h> +#include <stdio.h> +#include <stdlib.h> +#include <string.h> +#include <linux/if_alg.h> + +int create_alg(const char *alg) +{ + struct sockaddr_alg salg; + int sk; + + sk = socket(PF_ALG, SOCK_SEQPACKET | SOCK_CLOEXEC, 0); + if (sk < 0) + return -1; + + memset(&salg, 0, sizeof(salg)); + salg.salg_family = AF_ALG; + strcpy((char *) salg.salg_type, "hash"); + strcpy((char *) salg.salg_name, alg); + + if (bind(sk, (struct sockaddr *) &salg, sizeof(salg)) < 0) { + close(sk); + return -1; + } + + return sk; +} + +int main() { + int fd = create_alg("hmac(sha1)"); + char buf[10]; + int ret = setsockopt(fd, SOL_ALG, ALG_SET_KEY, NULL, 0); + if(ret < 0){ + perror("err"); + } + else{ + puts("SUCCESS!"); + } + return 0; +} +``` +2. run it in any qemu user space emulator + +On real Linux kernel, this program outputs a `SUCCESS!` while in qemu it prints `err: Cannot allocate memory`. + +The error is neither informative nor intuitive and could be misleading for user programs. +Additional information: +I already have a patch which fixes the issue and I'm willing to send it to mailing list as soon as I have done the testing. diff --git a/results/classifier/deepseek-r1:32b/output/syscall/2309 b/results/classifier/deepseek-r1:32b/output/syscall/2309 new file mode 100644 index 000000000..41394ee53 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/2309 @@ -0,0 +1,34 @@ + + + +qemu-aarch64 hangs running cargo test after libc6 upgrade to 2.36-9+deb12u6 +Description of problem: +qemu-aarch64 seems to hang with 100% cpu usage without any indication. +with -p 12345 for gdb debugging, gdb could not interrupt the remote with ctrl-c. +Steps to reproduce: +1. Ensure the test env has 2.36-9+deb12u6 +2. Install the latest rust toolchain. +3. mkdir test_test && cargo init +4. ensure src/main.rs has +``` +fn main() { + println!("Hello, world!"); +} + +#[test] +fn test() { + println!("hAAA!"); +} +``` +5. create .cargo/config.toml +``` +[target.aarch64-unknown-linux-gnu] +linker = "aarch64-linux-gnu-gcc" +runner = "qemu-aarch64 -L /usr/aarch64-linux-gnu" +rustflags = ["-C", "target-cpu=neoverse-n1"] +``` +6. cargo test --target aarch64-unknown-linux-gnu +Additional information: +The issue does not seem to occur with libc6:2.36-9+deb12u4 + +The same binary runs fine on a real arm64 target with the upgraded libc6 version 2.36-9+deb12u6. diff --git a/results/classifier/deepseek-r1:32b/output/syscall/2390 b/results/classifier/deepseek-r1:32b/output/syscall/2390 new file mode 100644 index 000000000..31e35832e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/2390 @@ -0,0 +1,66 @@ + + + +linux-user: Qemu handles `getsockopt` with NULL `optval` incorrectly +Description of problem: +In short call to `getsockopt(_, SOL_TCP, TCP_KEEPIDLE, NULL, _)` behaves differently on RISC-V Qemu than on x64 Linux. +On Linux syscall returns 0, but on Qemu it fails with `"Bad address"`. +Apparently Qemu `getsockopt` implementation is more conservative about NULL `optval` argument than kernel implementation. However man permits passing NULL [link](https://man7.org/linux/man-pages/man2/setsockopt.2.html): + +> For getsockopt(), optlen is a value-result argument, initially + containing the size of the buffer pointed to by optval, and + modified on return to indicate the actual size of the value + returned. **If no option value is to be supplied** or returned, + **optval may be NULL.**" + +For me it sounds like accepting NULL without error (and x64 confirms that interpretation). +Steps to reproduce: +1. Use below toy program `getsockopt.c` and compile it without optimizations like: +``` + gcc -Wall -W -std=gnu11 -pedantic getsockopt.c -o getsockopt +``` + +``` +#include <stdlib.h> +#include <unistd.h> +#include <errno.h> +#include <stdio.h> +#include <netinet/in.h> +#include <sys/socket.h> +#include <netinet/tcp.h> + +static void fail_on_error(int error, const char *msg) { + if (error < 0) { + perror(msg); + exit(errno); + } +} + +int main(int argc, char **argv) { + int socketfd = socket(AF_INET, SOCK_STREAM | SOCK_CLOEXEC, IPPROTO_TCP); + fail_on_error(socketfd, "socket error"); + uint8_t *option_value = NULL; + int32_t len = 0; + int32_t *option_len = &len; + socklen_t opt_len = (socklen_t)*option_len; + int status = getsockopt(socketfd, SOL_TCP, TCP_KEEPIDLE, option_value, &opt_len); + fail_on_error(status, "getsockopt error"); + return 0; +} +``` + + +2. Run program on Qemu and compare output with output from x64 build. In my case it looks like: +``` +root@57646f544f3a:/runtime/programs# ./getsockopt-x64 +root@57646f544f3a:/runtime/programs# ./getsockopt-riscv +getsockopt error: Bad address +``` +Additional information: +I don't think issue is platform specific assuming Qemu `getsockopt` implementation that is actually running is here: +[link](https://github.com/qemu/qemu/blob/master/linux-user/syscall.c#L2522) + +Looking at sources, I'm not sure why Qemu can't simply forward everything to kernel space +instead doing extra sanity checks together with `optval` dereference attempt that eventually fails in one of `put_user*_` function: [link](https://github.com/qemu/qemu/blob/master/linux-user/syscall.c#L2753) + +Anyway, I think that interpretation of man quote is rather straightforward and Qemu `getsockopt` implementation should follow it. diff --git a/results/classifier/deepseek-r1:32b/output/syscall/2485 b/results/classifier/deepseek-r1:32b/output/syscall/2485 new file mode 100644 index 000000000..31508fdf4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/2485 @@ -0,0 +1,50 @@ + + + +getifaddrs linked with musl libc hangs on big-endian targets +Description of problem: +When the following C program (borrowed from curl's `configure`) is compiled for { m68k, ppc, ppc64, s390x } (possibly others, like or1k and sparc) and linked against musl libc, it hangs inside musl when run. Copying the same binaries to real hardware results in success. + +```c +#include <stdlib.h> +#include <ifaddrs.h> + +int +main (void) +{ + + struct ifaddrs *ifa = 0; + int error; + + error = getifaddrs(&ifa); + if (error || !ifa) + exit(1); + else + exit(0); + + return 0; +} +``` +Steps to reproduce: +1. Compile the above program and link it with musl libc (pre-built toolchains are available [here](https://musl.cc/)) +2. Run the appropriate `qemu-*` (e.g. `qemu-m68k ./test` or `qemu-ppc ./test`) +3. Observe that the process hangs. +Additional information: +This has come up elsewhere: + +* https://bugs.gentoo.org/914256 +* https://www.openwall.com/lists/musl/2018/05/30/4 +* Likely affects or1k but I can't test that at the moment (need to debug an unrelated issue with that toolchain) +* Likely affects sparc but that port/toolchain is also a WIP + +Here are some static sample binaries for the above program: + +* https://temp.zv.io/qemu-bug.tar.xz (no guarantees of continued existence months or years later) + +GitLab labels seem to be missing: + +* ~"kind::Bug" +* ~"linux-user" +* ~"target: ppc" +* ~"target: m68k" +* ~"target: s390x" diff --git a/results/classifier/deepseek-r1:32b/output/syscall/2504 b/results/classifier/deepseek-r1:32b/output/syscall/2504 new file mode 100644 index 000000000..b62e4b7ad --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/2504 @@ -0,0 +1,10 @@ + + + +linux-user: qemu-x86_64 run /bin/XX got some error on LoongArch machine +Description of problem: +on LoongArch host, chroot x86_64-rootfs then run 'ls' got some error. +Steps to reproduce: +[chrootlog.txt](/uploads/2b77e7d9216396491ef4dc42bf24acc0/chrootlog.txt) +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/syscall/2592 b/results/classifier/deepseek-r1:32b/output/syscall/2592 new file mode 100644 index 000000000..6f7daacfc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/2592 @@ -0,0 +1,40 @@ + + + +qemu-aarch64 cannot properly support some python functions from the `time` module +Description of problem: +When a function is run in python (for example, `time.time()`), python returns the following error: +``` +Traceback (most recent call last): + File "<string>", line 1, in <module> +OSError: [Errno 0] Error +``` +I am absolutely sure that this problem is related to `qemu-aarch64`, because the same python build works perfectly in aarch64 machine. In addition, python for arm architecture with `qemu-arm` does not have such a problem. +Steps to reproduce: +Note, this instruction specifies the stage of installation of that very python. But since it is compiled for Termux, you will have to use some scripts. +1. Create a simple codespace environment. +2. Run the following commands through the terminal: +``` +git clone https://github.com/termux-pacman/glibc-packages +cd glibc-packages +./get-build-package.sh +sudo mkdir /data +sudo chown codespace /data +sudo chgrp codespace /data +sudo apt update +sudo apt install patchelf +./scripts/setup-cgct.sh +``` +3. Run the following command. Note that the installation phase will start there. You should stop the script when the installation phase is complete. +``` +./build-package.sh -I -w --library glibc gpkg/gobject-introspection +``` +4. Install standard qemu via apt. +5. Run the following command: +``` +qemu-aarch64 /data/data/com.termux/files/usr/glibc/bin/python3.12 -c "import time; time.time()" +``` +Additional information: +- For some reason this error only occurs in the environment from GitHub. On my computer this error does not occur. + - Here is a log of one of the github actions, which shows an attempt to compile packages with python on different architectures - https://github.com/termux-pacman/glibc-packages/actions/runs/11023254502. +For reference, I use qemu for more flexible compilation of packages. And in github actions, qemu is installed here - https://github.com/termux-pacman/glibc-packages/blob/main/.github/workflows/build.yml#L35. diff --git a/results/classifier/deepseek-r1:32b/output/syscall/263 b/results/classifier/deepseek-r1:32b/output/syscall/263 new file mode 100644 index 000000000..f3908b636 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/263 @@ -0,0 +1,4 @@ + + + +readdir() returns NULL (errno=EOVERFLOW) for 32-bit user-static qemu on 64-bit host diff --git a/results/classifier/deepseek-r1:32b/output/syscall/2825 b/results/classifier/deepseek-r1:32b/output/syscall/2825 new file mode 100644 index 000000000..283fd4559 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/2825 @@ -0,0 +1,40 @@ + + + +execveat with file descriptor and empty filename returns ENOENT when cross architectures +Description of problem: +On my x86_64 debian host (with binfmt_misc configured), when calling execveat with a fd , and empty pathname "", and flag AT_EMPTY_PATH. Then only x86_64 and x86 can be called normally, while programs of other architectures (arm64, arm, riscv64, etc.) will return ENOENT errors. + +I first encountered this problem when trying to run lxc-attach with qemu-aarch64. Its reference is [lxc/stable-6.0/src/include/fexecve.c#L30](https://github.com/lxc/lxc/blob/stable-6.0/src/include/fexecve.c#L30), which is the implementation of the fexecve function. So I wrote a simple test and compiled it with `x86_64/aarch64-linux-gnu-gcc -static test.c -o test`. execveat works fine when running natively or using qemu-x86_64/qemu-i386. When running versions for other architectures, using AT_EMPTY_PATH will result in ENOENT (No such file or directory); use /proc/self/fd/%d as the pathname and execve, it will work fine (like the rest part of the fexecve function). If binfmt_misc is turned off and run forign architectures ver, both calls will result in ENOEXEC (Exec format error). +Steps to reproduce: +1. Install qemu-user and binfmt_misc. Install gcc-aarch64-linux-gnu/gcc-riscv64-linux-gnu etc. +2. Compile test.c with host gcc, then compile forign architectures ver with gcc-aarch64-linux-gnu/gcc-riscv64-linux-gnu etc. like `gcc -static test.c -o test` and `aarch64-linux-gnu-gcc -static test.c -o test-aarch64` +3. Run different versions of test +4. To disable/enable binfmt, you can `echo 0 > /proc/sys/fs/binfmt_misc/qemu-aarch64` or `echo 1 > /proc/sys/fs/binfmt_misc/qemu-aarch64` +5. Sample outputs + +``` +rrex@debian:~/Downloads$ ./test +****Running to prepare execve +fd=3 +File size: 772296 bytes + +execveat with AT_EMPTY_PATH: +**Running in execve + +execveat with fd path: /proc/self/fd/3 +**Running in execve + +rrex@debian:~/Downloads$ qemu-aarch64 ./test-aarch64 +****Running to prepare execve +fd=3 +File size: 706104 bytes + +execveat with AT_EMPTY_PATH: +!!execveat a fd failed with errno: No such file or directory + +execveat with fd path: /proc/self/fd/3 +**Running in execve +``` +Additional information: +# diff --git a/results/classifier/deepseek-r1:32b/output/syscall/306 b/results/classifier/deepseek-r1:32b/output/syscall/306 new file mode 100644 index 000000000..200c62a2d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/306 @@ -0,0 +1,4 @@ + + + +Option to constrain linux-user exec() to emulated CPU only diff --git a/results/classifier/deepseek-r1:32b/output/syscall/324 b/results/classifier/deepseek-r1:32b/output/syscall/324 new file mode 100644 index 000000000..fe76e37d9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/324 @@ -0,0 +1,4 @@ + + + +chrome based apps can not be run under qemu user mode diff --git a/results/classifier/deepseek-r1:32b/output/syscall/326 b/results/classifier/deepseek-r1:32b/output/syscall/326 new file mode 100644 index 000000000..f635a6102 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/326 @@ -0,0 +1,4 @@ + + + +QEMU-user ignores MADV_DONTNEED diff --git a/results/classifier/deepseek-r1:32b/output/syscall/356 b/results/classifier/deepseek-r1:32b/output/syscall/356 new file mode 100644 index 000000000..a9e926b76 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/356 @@ -0,0 +1,4 @@ + + + +qemu linux-user doesn't translate host/target data for iovec I/O diff --git a/results/classifier/deepseek-r1:32b/output/syscall/456 b/results/classifier/deepseek-r1:32b/output/syscall/456 new file mode 100644 index 000000000..af5974ced --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/456 @@ -0,0 +1,32 @@ + + + +Qemu User (x86_64) Hangs after futex function not implemented error +Description of problem: +Qemu User hangs on futex call with the following last strace +``` +futex(0x0000004001a01654,FUTEX_PRIVATE_FLAG|FUTEX_UNLOCK_PI,0,NULL,NULL,0) = -1 errno=38 (Function not implemented) +``` +This is the last call until giving a SIGINT with CTRL + C where the following strace is output +``` +futex(0x00000040b0085180,FUTEX_PRIVATE_FLAG|FUTEX_WAIT,2,NULL,NULL,0) = -1 errno=4 (Interrupted system call) +--- SIGINT {si_signo=SIGINT, si_code=SI_KERNEL, si_pid=0, si_uid=0} --- + +``` +Steps to reproduce: +1. Install steamcmd https://developer.valvesoftware.com/wiki/SteamCMD +2. In the steamcmd shell install Valheim dedicated server with `app_update 896660` +3. Navigate to the downloaded app `cd ~/Steam/steamapps/common/Valheim\ dedicated\ server/` +4. Run `qemu-x86_64 valheim_server.x86_64` +5. The process hangs as per description. +Additional information: +The issue was originally encountered on a raspberry pi ARM64 host using the ubuntu 5.2.0 version of qemu. Installed cross libararies: +* libc6-amd64-cross +* libgcc-s1-amd64-cross + +It was then replicated on the x86 host fedora with a build of the qemu master branch. +The full qemu -strace output is provided below +[qemu_strace_output.log](/uploads/96e0e31b1e63191a94d73f05023c5173/qemu_strace_output.log) + +The expected output found when running `strace ./valheim_server.x86_64` without qemu on the x86_64 host is attached below +[expected_output.log](/uploads/b3b25618103de8a3b9c0ef227bbffc9c/expected_output.log) diff --git a/results/classifier/deepseek-r1:32b/output/syscall/470 b/results/classifier/deepseek-r1:32b/output/syscall/470 new file mode 100644 index 000000000..3b9132949 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/470 @@ -0,0 +1,4 @@ + + + +qemu linux-user requires read permissions on memory passed to syscalls that should only need write access diff --git a/results/classifier/deepseek-r1:32b/output/syscall/577 b/results/classifier/deepseek-r1:32b/output/syscall/577 new file mode 100644 index 000000000..367666b81 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/577 @@ -0,0 +1,28 @@ + + + +getdtablesize() returns wrong value in qemu user mode on Linux/alpha +Description of problem: +The `getdtablesize()` function returns a value that is too large. Namely, `getdtablesize() - 1` ought to be a valid file descriptor, but is not. +Steps to reproduce: +[foo.c](/uploads/7a9e99d3811fe4a7eef183ed98c966a4/foo.c) + +1. +``` +# apt install g++-10-alpha-linux-gnu +``` +2. +``` +$ alpha-linux-gnu-gcc-10 -Wall -static foo.c +``` +[a.out](/uploads/4fffa6dd2332885f51e4030dcbe25644/a.out) + +3. Transfer the a.out file to a Linux/alpha machine; execute it there. The return code is 0. +4. +``` +$ QEMU_LD_PREFIX=/usr/alpha-linux-gnu ~/inst-qemu/6.1.0/bin/qemu-alpha ./a.out ; echo $? +``` +Expected: `0` +Actual: `1` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/syscall/578 b/results/classifier/deepseek-r1:32b/output/syscall/578 new file mode 100644 index 000000000..044d207a9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/578 @@ -0,0 +1,33 @@ + + + +getdomainname() is not implemented in QEMU user mode on Linux/sparc64 +Description of problem: +The `getdomainname()` function fails, instead of succeeding. +Steps to reproduce: +[foo.c](/uploads/7586c9aab788855b232a5c2f6aaeb4fc/foo.c) + +1. +``` +# apt install g++-10-sparc64-linux-gnu +# mkdir -p /usr/sparc64-linux-gnu/etc +# touch /usr/sparc64-linux-gnu/etc/ld.so.cache +``` +2. +``` +$ sparc64-linux-gnu-gcc-10 -Wall -static foo.c +``` +[a.out](/uploads/39d291b95caa182d74b0b622a82667e8/a.out) + +3. Transfer the a.out file to a Linux/sparc64 machine; execute it there. It prints +``` +result: (none) +``` +4. +``` +$ QEMU_LD_PREFIX=/usr/sparc64-linux-gnu ~/inst-qemu/6.1.0/bin/qemu-sparc64 ./a.out +``` +Expected: `result: (none)` +Actual: `getdomainname: Function not implemented` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/syscall/579 b/results/classifier/deepseek-r1:32b/output/syscall/579 new file mode 100644 index 000000000..205f8cfbe --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/579 @@ -0,0 +1,53 @@ + + + +chown() fails when it should succeed in QEMU user mode on Linux/sparc64 +Description of problem: +The `chown()` function fails, instead of succeeding, in a particular situation. +Steps to reproduce: +[foo.c](/uploads/630d9b83671a071f4ded4da43b6c1b9b/foo.c) + +1. +``` +# apt install g++-10-sparc64-linux-gnu +# mkdir -p /usr/sparc64-linux-gnu/etc +# touch /usr/sparc64-linux-gnu/etc/ld.so.cache +``` +2. +``` +$ sparc64-linux-gnu-gcc-10 -Wall -static foo.c +``` +[a.out](/uploads/bbab43a1b78e6d16ee13e0eff5e963a5/a.out) + +3. Transfer the a.out file to a Linux/sparc64 machine; execute these commands there: +``` +$ id +``` +Verify that you are in 2 or more groups. +``` +$ touch file +$ ln -s file link +$ ln -s link link2 +$ ./a.out; echo $? +``` +It prints `0`. + +4. +``` +$ id +``` +Verify that you are in 2 or more groups. +``` +$ touch file +$ ln -s file link +$ ln -s link link2 +$ QEMU_LD_PREFIX=/usr/sparc64-linux-gnu ~/inst-qemu/6.1.0/bin/qemu-sparc64 ./a.out; echo $? +``` +Expected: `0` +Actual: +``` +chown: Operation not permitted +1 +``` +Additional information: + diff --git a/results/classifier/deepseek-r1:32b/output/syscall/654 b/results/classifier/deepseek-r1:32b/output/syscall/654 new file mode 100644 index 000000000..33a64a50c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/654 @@ -0,0 +1,26 @@ + + + +Strace Log Output Mangled +Description of problem: +The syscall log entries from the strace logging capability can be interrupted by other log messages before the full syscall line is +complete. +This makes parsing the strace syscall lines from the log output difficult. +Steps to reproduce: +1. Run the supplied command with a simple dynamically linked binary, or a binary that performs mmaps +2. Notice that the strace 'mmap' syscall log entries in the trace file are interrupted by the page log output +Additional information: +I have attached an example log from a dynamically linked 'hello world' binary, which demonstrates the bug in the mmap syscall strace entries. [output.trace](/uploads/88c83273582d00241fbf95af735dcc61/output.trace) + + +I believe this bug caused by a couple of things: +Firstly, in the linux-user/syscall.c file: the strace syscall entry is not output atomically, but instead split across two calls: +The first half is at `print_syscall`: https://gitlab.com/qemu-project/qemu/-/blob/master/linux-user/syscall.c#L13153 +And the return value (and new line) is printed in `print_syscall_ret`: https://gitlab.com/qemu-project/qemu/-/blob/master/linux-user/syscall.c#L13160 + +In the case of the mmap syscall, the function `log_page_dump` is called between these two functions resulting in the mangled log output: +https://gitlab.com/qemu-project/qemu/-/blob/master/linux-user/mmap.c#L633 +There may be other syscalls that behave similarly, but this was noticed due to the mmap behavior. + + +Internally to the `print_syscall` and `print_syscall_ret` functions, `qemu_log` is called multiple times to compose the full log entry, and it seems that it is inside `qemu_log` that the logfile lock is obtained and dropped - so theoretically another thread can output to the log during the printing of a single syscall entry between these `qemu_log` calls. I do not know if this actually happens in practice besides the mmap scenario described above. diff --git a/results/classifier/deepseek-r1:32b/output/syscall/690 b/results/classifier/deepseek-r1:32b/output/syscall/690 new file mode 100644 index 000000000..16e564043 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/690 @@ -0,0 +1,22 @@ + + + +32bit qemu-arm can't run GCC due to failure to allocate memory range for guest (Allocating guest commpage error) +Description of problem: +I'm running ARM binaries using 32 bit qemu-arm-static on x86_64 host. Since version 5.1 (include latest 6.1), QEMU cannot run GCC and some other things with an error `Allocating guest commpage: Operation not permitted`. The problem is NOT reproducible on QEMU 5.0, so probably the problem was caused by a [rework of init_guest_space or the following commits](https://gitlab.com/qemu-project/qemu/-/commit/ee94743034bfb443cf246eda4971bdc15d8ee066) a year ago. + +Also the problem is not reproducible for all users. It is known that it is reproduced on all Arch Linux host machines and some Debian, and probably depends on some kernel build parameters. + +The sysctl `vm.mmap_min_addr` parameter also affects the problem. The error varies depending on its value: +``` +[0 ... 53248] - No error at all +[53249 ... 61440] - Cannot allocate memory +[61441 ... 65536 and higher] - Operation not permitted +``` +Steps to reproduce: +1. Download and extract attached tarball: [qemu-test-gcc.tgz](/uploads/0031fdf6705183626f646b78a281dd2a/qemu-test-gcc.tgz) +2. `$ make # will build the docker container` +3. `$ make run # will enter the container` +4. Once in the container, run: `# /qemu-arm-static-50 /bin/bash /runme.sh` +Additional information: +A detailed description of the problem and feedback from other users is here: https://bugs.launchpad.net/qemu/+bug/1891748 diff --git a/results/classifier/deepseek-r1:32b/output/syscall/836 b/results/classifier/deepseek-r1:32b/output/syscall/836 new file mode 100644 index 000000000..5979c6a19 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/836 @@ -0,0 +1,88 @@ + + + +qemu-riscv32: Syscall LSEEK returns -14 (EFAULT) +Description of problem: +The lseek() system call returns -14 (EFAULT) if the file descriptor is correct, +which it should never do (According to the lseek(2) man page). + +Here is some demonstrative code: +``` +/* System Call numbers, according to https://github.com/riscv-software-src/riscv-pk/blob/master/pk/syscall.h */ +.set SYS_OPENAT, 0x38 +.set SYS_CLOSE, 0x39 +.set SYS_LSEEK, 0x3e +.set SYS_READ, 0x3f +.set SYS_WRITE, 0x40 +.set SYS_EXIT, 0x5d + +.set SEEK_CUR, 1 + +/* According to https://elixir.bootlin.com/linux/v5.16.2/C/ident/AT_FDCWD */ +.set AT_FDCWD, (-100) + +.section .text +.global _start +_start: + +/* Open the file with SYS_OPENAT, because SYS_OPEN does not exist on riscv32 for some reason. + Effectively: + s0 = open(argv[1], 0, 0644); */ +li a7, SYS_OPENAT +li a0, AT_FDCWD +lw a1, 8(sp) +li a2, 0 +li a3, 0644 +ecall + +/* Error checking. This succeeds. */ +blt a0, zero, unrelated_error + +mv s0, a0 + +/* The broken lseek() call. + Same also happens no matter the position in the file. + Effectively: + lseek(s0, 0, SEEK_CUR); */ +li a7, SYS_LSEEK +mv a0, s0 +li a1, 0 +li a2, SEEK_CUR +ecall + +/* XXX: lseek() returns -14 */ +blt a0, zero, lseek_error + +/* Close the file. */ +li a7, SYS_CLOSE +mv a0, s0 +ecall + +/* Error checking. This also succeeds. */ +blt a0, zero, unrelated_error + +/* exit(0); */ +li a7, SYS_EXIT +li a0, 0 +ecall + +/* exit(-return_value); */ +lseek_error: +li a7, SYS_EXIT +sub a0, zero, a0 +ecall + +unrelated_error: +li a7, SYS_EXIT +li a0, 128 +ecall +``` +Steps to reproduce: +1. riscv32-unknown-linux-gnu-as test.s -o test.o +2. riscv32-unknown-linux-gnu-ld test.o +3. qemu-riscv32 ./a.out test +4. echo $? # This returns 14 +Additional information: +Complete test setup: + +[test.tgz](/uploads/af68c9a5236628a9c6f31f2ce94e2f04/test.tgz) diff --git a/results/classifier/deepseek-r1:32b/output/syscall/871 b/results/classifier/deepseek-r1:32b/output/syscall/871 new file mode 100644 index 000000000..e60fa91d2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/871 @@ -0,0 +1,17 @@ + + + +qemu-x86_64 don't support unshare(CLONE_NEWUSER) +Description of problem: +Why qemu-x86_64 call unshare(CLONE_NEWUSER) fail? +``` + fuzzing@ubuntu:~/Desktop/afl/AFLplusplus$ qemu-x86_64 /bin/unshare --user /bin/bash + unshare: unshare failed: Invalid argument + fuzzing@ubuntu:~/Desktop/afl/AFLplusplus$ /bin/unshare --user /bin/bash + nobody@ubuntu:~/Desktop/afl/AFLplusplus$ +``` +Steps to reproduce: +1.execute `qemu-x86_64 /bin/unshare --user /bin/bash` ,it will fail <br/> +2.execute `/bin/unshare --user /bin/bash` ,it will ok + +How i fix that? diff --git a/results/classifier/deepseek-r1:32b/output/syscall/885 b/results/classifier/deepseek-r1:32b/output/syscall/885 new file mode 100644 index 000000000..97df04d6d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/885 @@ -0,0 +1,4 @@ + + + +linux-user: `getsockopt` on `SO_RCVTIMEO_NEW`/`SO_SNDTIMEO_NEW` writes unexpected `int` diff --git a/results/classifier/deepseek-r1:32b/output/syscall/927 b/results/classifier/deepseek-r1:32b/output/syscall/927 new file mode 100644 index 000000000..7a39f030c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/output/syscall/927 @@ -0,0 +1,35 @@ + + + +linux-user: openat on /proc/self/exe can return a closed file descriptor +Description of problem: +`open("/proc/self/exe", ...)` returns a closed file descriptor if qemu-user was executed as an interpreter, passing a file descriptor in the `AT_EXECFD` auxval. + +When the `AT_EXECFD` auxval is nonzero the user program is loaded through `load_elf_binary()` (in `linux-user/elfload.c`) which ultimately calls `load_elf_image()` with that same file descriptor, and `load_elf_image()` closes the file descriptor before returning. + +`do_openat` in `linux-user/syscall.c` will return that file descriptor to the user if the opened path satisfies `is_proc_myself(pathname, "exe")`, which is obviously wrong both in that the file descriptor is closed as part of the initialization process of qemu itself, and that the user program would then close that file descriptor and thus the next invocation of `open` would have the same problem. +Steps to reproduce: +This program prints `3 3` in a x86_64 docker container on my machine (arm64 macos, which docker desktop handles by running containers in a native linux VM under qemu-user). + +```c +#include <fcntl.h> +#include <stdio.h> + +int main(int argc, char **argv) { + int selfexe = open("/proc/self/exe", O_RDONLY | O_CLOEXEC); + if (selfexe < 0) { + perror("open self"); + return 1; + } + + int devnull = open("/dev/null", O_WRONLY | O_CLOEXEC); + if (devnull < 0) { + perror("open devnull"); + return 1; + } + + printf("%d %d\n", selfexe, devnull); +} +``` +Additional information: +Thanks to @pm215 for helping me pinpoint the exact issue I was encountering. diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1022 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1022 new file mode 100644 index 000000000..a4c142a77 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1022 @@ -0,0 +1,18 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report about QEMU encountering a segmentation fault when running a RISC-V simulation that uses the `vsra.vx` instruction. The user provided a detailed backtrace and steps to reproduce. + +First, looking at the problem description, it mentions that the simulation terminates with a segfault upon encountering `vsra.vx`. Segmentation faults usually happen due to invalid memory accesses or other runtime errors within the program. + +The backtrace points to `code_gen_buffer` in QEMU's code. This suggests that during the generation of machine code for the RISC-V CPU, there's an issue when handling the `vsra.vx` instruction. The error occurs at the execution level, specifically in the part of QEMU responsible for translating and executing instructions. + +The steps to reproduce involve compiling QEMU from source and running a specific binary with certain CPU features enabled, including vector extensions (vext). This indicates that the problem is likely related to how QEMU handles these vector instructions, particularly `vsra.vx`. + +Since the error occurs during the execution of an instruction and leads to a segmentation fault, it's tied to how the instruction is being handled by the virtualization layer. It doesn't seem to be related to syscalls or other runtime issues unrelated to specific instruction handling. + +Therefore, this bug falls under the "instruction" category because it involves an issue with processing a specific RISC-V instruction within QEMU. +</think> + +The bug report describes an issue where QEMU encounters a segmentation fault when executing the `vsra.vx` instruction. This is related to how QEMU handles instructions during simulation. + +**Answer:** +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1028 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1028 new file mode 100644 index 000000000..6803825d4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1028 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report from QEMU into one of the given categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue is about an assertion failure when using the RISC-V RVV instruction vmv.v.x with e64 and vl_max on a RV32 guest. The user provided steps to reproduce it, which involves setting up certain vector configurations and then executing the problematic instruction. + +Looking at the error message: it's happening inside QEMU's TCG (Translation Control Graph) when generating gvec operations. Specifically, in tcg_gen_gvec_dup_i32, there's an assertion that vece <= MO_32 failing because vece is MO_64 for e64. + +The user suggested a possible fix where they adjust how the gvec duplication is handled based on whether the target is RV32 or not. They check if the sew (storage element width) is 3, which corresponds to 64 bits, and then use i64 operations instead of i32. + +This seems like an issue with how QEMU handles a specific vector instruction under certain conditions. The problem arises during the translation of this instruction into TCG code, leading to an assertion failure when running the program. Since it's directly tied to the execution of a particular RISC-V instruction (vmv.v.x) and the handling of vector elements, I think this falls under the 'instruction' category. + +It's not a syscall issue because there are no system calls involved here; it's purely about how QEMU translates and executes an RVV instruction. It also doesn't seem to be a general runtime error unrelated to specific instructions but rather a problem with handling that particular vector move operation. +</think> + +The bug is related to the incorrect handling of the vmv.v.x RISC-V instruction under certain vector configurations, leading to an assertion failure in QEMU's translation layer. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1051 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1051 new file mode 100644 index 000000000..fd512d4f6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1051 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report as either "instruction", "syscall", or "or1k tcg SIGILL" is given, and it's part of QEMU. Hmm, let me think about each category. + +The term "SIGILL" stands for an illegal instruction signal. In computing, when a program receives SIGILL, it usually means that the CPU encountered an invalid instruction—it doesn't recognize or can't execute the instruction properly. Since this bug report mentions SIGILL in the context of QEMU, which is an emulator, it's likely related to how instructions are being handled. + +Looking at the categories: "instruction" deals with faulty instructions. So if SIGILL is happening, that suggests there's a problem with an instruction being executed—maybe it's not implemented correctly or isn't supported in TCG (the Tiny Code Generator used by QEMU). + +On the other hand, "syscall" would involve issues related to system calls, which doesn't seem to be the case here. The error is about an illegal instruction, so that points away from syscalls. + +Lastly, "runtime" covers general runtime errors not specifically tied to instructions or syscalls. But since SIGILL is directly tied to an invalid instruction, it's more specific than a generic runtime issue. + +So putting it all together, the bug report is related to an issue with processing an instruction, making "instruction" the correct category. +</think> + +The bug report involves an illegal instruction (SIGILL), which relates to how instructions are handled. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1054812 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1054812 new file mode 100644 index 000000000..4d42b7a7f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1054812 @@ -0,0 +1,49 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU on macOS. The user mentioned that there are two versions of libtool installed on Darwin/OS X: GNU's and Apple's. They're saying that Apple's libtool doesn't work for building libcacard, which is used by QEMU. Instead, they have to use glibtool, but this setting isn't preserved when configuring QEMU, causing issues. + +I need to classify this bug into one of three categories: instruction, syscall, or runtime. + +First, let's think about what each category means: + +- **Instruction**: This would involve a problem with the instructions given, like documentation errors or incorrect setup steps. +- **Syscall**: Issues related to system calls that QEMU makes, possibly leading to crashes or incorrect behavior when interacting with the OS. +- **Runtime**: Errors that occur while the program is running, not necessarily during configuration. + +In this case, the problem arises during the build process of QEMU. The configure script isn't using the correct version of libtool (it's using Apple's instead of GNU's glibtool), which causes issues when trying to build libcacard. This seems more like a setup or build-time issue rather than something that happens while running QEMU. + +Wait, but the user is talking about how they have to manually set LIBTOOL=glibtool each time because the configure script doesn't handle it automatically. So it's an issue with the configuration step of QEMU, not necessarily runtime behavior when executing QEMU after it's built. + +So maybe this falls under instruction, as it's about correctly setting up or configuring the build environment. But on second thought, since it's the configure script itself that isn't handling the libtool correctly, perhaps it's more about how the build process is set up rather than a runtime error. + +Alternatively, if the problem were that during runtime QEMU couldn't find certain libraries or functions because of the incorrect libtool usage, then it would be a runtime issue. But here, the problem is in building QEMU, not running it. + +Wait, but the categories given are instruction, syscall, and runtime. Since this is about the build configuration (configure script), perhaps it's more aligned with an instruction or setup issue rather than a runtime error. However, since the user mentioned that they have to pass LIBTOOL=glibtool when configuring, which isn't preserved, maybe the configure script needs fixing. + +But looking at the options again: if this were about incorrect build steps in documentation, it would be instruction. But it's more about how QEMU's configure script is handling libtool on macOS, which suggests a runtime or build-time issue within the software itself. + +Wait, perhaps I'm overcomplicating. Since the bug is about the configuration process failing due to using the wrong tool, and not an error that occurs while running QEMU after it's built, maybe this isn't a runtime issue. So perhaps it doesn't fit into any of these categories directly, but if we have to choose between instruction, syscall, or runtime, I might think that since it's about configuration during build time, it could be considered as an instruction problem because it's about how users need to instruct the configure script. + +But another angle is that the issue occurs when running the configure script (which is part of building QEMU), so perhaps it's a runtime error in the context of the configure script execution. However, "runtime" here refers to errors during program execution, not build time. + +Wait, maybe I'm misunderstanding the categories. Let me think again: instruction is about faulty instructions in documentation or setup steps. Syscall would be issues when QEMU interacts with the OS via system calls. Runtime would be other runtime errors, like crashes or incorrect behavior while running. + +So in this case, the problem isn't during runtime execution of QEMU but rather during its build configuration. Since the categories don't include a "build" category, perhaps it's closest to instruction because it involves how the configure script is set up or used. However, the issue isn't about user instructions being wrong; it's about the configure script itself not handling libtool correctly on macOS. + +Alternatively, maybe it's a runtime issue in the sense that when QEMU runs, it has problems due to incorrect build steps, but I don't think that's what's happening here. The problem is during the configuration step, which leads to build failures or incorrect binaries, so perhaps it doesn't fit neatly into any of these categories. + +Wait, maybe I should look up how bugs in configure scripts are usually categorized. Configure script issues might fall under instruction if they involve user setup, but this seems more like a software bug in QEMU's configuration process. Since the options given don't include build or configuration as separate categories, perhaps it's best to categorize it as runtime because it affects how QEMU is built and thus its operation. + +But I'm not entirely sure. Another thought: since the issue arises when building (configuring) QEMU, which isn't a runtime process but part of the development cycle, maybe none of these categories fit perfectly. However, given the options, perhaps instruction is the closest because it involves setting environment variables to influence the build. + +Alternatively, if the problem were that after correctly building with glibtool, QEMU crashes at runtime due to some issue, then it would be a runtime error. But in this case, the crash or failure is during configuration, not when running the built binary. + +Hmm, perhaps I'm overcomplicating. The user's main point is about the configure script using the wrong libtool on macOS, causing build issues. Since the bug occurs during the configure step (part of building), which isn't runtime execution but setup, and given the options, maybe it's closest to instruction because it involves how users need to set variables like LIBTOOL. + +But I'm still not entirely confident. Maybe another approach: if this were about incorrect system calls made by QEMU during runtime leading to issues, that would be a syscall bug. If it were about faulty instructions in the documentation on how to build, that's instruction. But since it's about the configure script itself incorrectly handling libtool without user input, maybe it doesn't fit any of these categories. + +Wait, perhaps I should consider that the issue is during the configuration phase, which is part of building but not runtime execution. Since the provided categories don't include a build or configuration category, perhaps the best fit is instruction because it's about how to configure correctly. + +Alternatively, maybe the problem is with QEMU's configure script not handling Darwin correctly, leading to incorrect tool selection, which could be seen as a software bug in the build process, but since the options are limited, I'll go with instruction. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1086 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1086 new file mode 100644 index 000000000..66bf48706 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1086 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm looking at this bug report where tests for numpy and scipy are failing when run under QEMU on ppc64le architecture, but they pass fine on aarch64. The user is involved in conda-forge packaging and uses QEMU for emulation when cross-compiling. They've been experiencing this issue for about two years since QEMU 7 didn't fix it. + +The tests are failing with various issues: arrays not matching up to ULP, permuted values, or completely different results like zeros vs ones. The user provided some examples of the test failures which show significant discrepancies in numerical results, suggesting something is going wrong at a low level during computation. + +Since these packages run fine on native hardware but fail in emulation, it points towards an issue with QEMU's handling of certain instructions or operations on ppc64le. The errors don't seem to be related to the software being tested (numpy/scipy) since they pass elsewhere. Instead, it suggests a problem in how QEMU emulates the PPC architecture. + +The user also mentioned that similar issues occur in other packages like cvxpy-stack, reinforcing that it's likely a QEMU bug rather than specific to numpy or scipy. This makes me think the issue is related to how QEMU handles floating-point operations or certain instructions on ppc64le. + +Looking at possible categories for this bug: instruction, syscall, runtime. Given that the problem seems computational and affects numerical results, it's more likely an issue with how instructions are executed rather than a system call error. Runtime errors could include issues like memory management or timing, but given the nature of the test failures, it points more towards instruction-level problems. + +So, I'm leaning towards categorizing this as an "instruction" issue because it seems to relate to how QEMU processes certain instructions on ppc64le, leading to incorrect results in numerical computations. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1092 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1092 new file mode 100644 index 000000000..ffe98232d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1092 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU. The issue is about the translation of PowerPC instructions `sraw` and `sraw.` not setting the `ca` or `ca32` flags as they should according to the PowerISA 3.1b document. + +First, let me understand what each category means: + +- **Instruction:** This would be if there's a problem with how a specific instruction is handled by QEMU. +- **Syscall:** If the issue was related to system calls, like incorrect handling of OS-level operations. +- **Runtime:** Other runtime errors that don't fall into the above categories. + +Looking at the bug report, it specifically mentions that `sraw` and `sraw.` instructions aren't setting certain flags. These are PowerPC-specific instructions, so this points towards an issue in how QEMU translates or executes these particular instructions. + +The user also provided links to parts of the QEMU codebase where these translations occur, indicating it's a problem with the instruction handling rather than something like system calls or other runtime issues. + +Since the problem is about specific CPU instructions not behaving as per the ISA documentation, it fits into the **instruction** category. It's not related to syscalls or general runtime errors but directly tied to how these particular instructions are implemented in QEMU. +</think> + +The bug report describes an issue with how certain PowerPC instructions (`sraw` and `sraw.`) are translated by QEMU, specifically that they don't set the expected flags. This falls under instruction handling. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1095857 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1095857 new file mode 100644 index 000000000..08ff83b57 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1095857 @@ -0,0 +1,21 @@ +<think> +Okay, so I need to figure out how to classify this bug report for QEMU. Let me read through it carefully. + +The user describes an issue where, when executing certain instructions like "mov eax, [r15d]" in Long Mode (x86-64), the instruction ends up being treated as "mov eax, [r15]". According to the x86 programmer manuals, using an Address-Size override in long mode should ignore the high 32 bits of the register. The user is leveraging this behavior in their operating system to save on register usage by storing other data in the high 32 bits of r15. + +However, a general protection exception occurs because the resulting memory address isn't "canonical". This doesn't always happen because sometimes the high 32 bits aren't zero. The user is pointing out that QEMU isn't handling this correctly, leading to exceptions when it shouldn't. + +So, I need to classify this under one of three categories: instruction, syscall, or runtime. + +Let me think about each category: + +- **Instruction**: This relates to how instructions are handled or executed by the processor. +- **Syscall**: Issues related to system calls. +- **Runtime**: Errors that occur during program execution that aren't necessarily tied to a specific instruction or syscall. + +In this case, the problem is with how QEMU handles an instruction. Specifically, it's not correctly interpreting the Address-Size override for the instruction "mov eax, [r15d]". Instead of using only the lower 32 bits of r15 (as per the override), it's using the full 64 bits, leading to non-canonical addresses and exceptions. + +This seems like an issue with how QEMU processes instructions. It's not a problem with a system call or a runtime error in general; it's about incorrect handling of a specific instruction's address mode. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1129571 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1129571 new file mode 100644 index 000000000..0280b97a4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1129571 @@ -0,0 +1,19 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report into one of the given categories: instruction, syscall, or runtime. + +The user provided a log snippet from LibreOffice's build process where it failed with an error code 132. They noted that bash returns error codes as 128 + signal number, so in this case, 132 is 128 +4, which corresponds to an illegal instruction (signal 4). + +They suspect that the issue might be related to qemu because armhf builds are problematic on Launchpad's buildds. So, it seems like during the execution of some Java code through Qemu, there was an illegal instruction. + +Now, looking at the possible categories: + +- **Instruction**: This would involve a faulty CPU instruction being executed. +- **Syscall**: An issue with system calls, like something going wrong in kernel-level operations. +- **Runtime**: Errors that occur during execution but aren't necessarily tied to instructions or syscalls. + +Since the error is an illegal instruction (signal 4), it points to an instruction-level problem. This could mean that Qemu is incorrectly emulating an ARM instruction, causing the build process to encounter a bad instruction when running under emulation. Therefore, this falls under the "instruction" category because it's related to how instructions are being handled by Qemu. + +So, I think the correct classification here is "instruction." +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1156 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1156 new file mode 100644 index 000000000..9a75ff630 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1156 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report about the vmsumudm instruction in QEMU. Let me think through this step by step. + +First, the bug report mentions an "incorrect implementation" of the vmsumudm instruction. VMSUMUDM is a vector instruction used for summing unsigned integers. So this definitely relates to how an instruction is handled within the emulator. + +Looking at the categories provided: + +1. **Instruction**: This category fits when there's an issue with how a specific CPU instruction is implemented or executed. +2. **Syscall**: This would be relevant if the problem was related to system calls, which doesn't seem to be the case here. +3. **Runtime**: This covers general runtime errors not tied directly to instructions or syscalls. + +Since the bug specifically mentions an instruction (vmsumudm), it falls under the "instruction" category. There's no mention of system calls or other runtime issues, so I can rule out the other two categories. +</think> + +The issue pertains to a specific CPU instruction implementation in QEMU. + +**instruction** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1178 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1178 new file mode 100644 index 000000000..972f14635 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1178 @@ -0,0 +1,15 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report related to QEMU and RISC-V64's `feq.s` instruction. The user is asking if `feq.s` only considers the lowest 32 bits. + +First, I know that in RISC-V, `feq.s` is a single-precision floating-point comparison instruction. It compares two single-precision values and returns true if they are equal. Since it's single-precision, it should work with 32-bit floats. + +Now, the user is mentioning RISC-V64, which typically deals with 64-bit registers. However, when using `feq.s`, even in a 64-bit environment, it operates on the lower 32 bits of the source registers. So any issue here would relate to how the instruction processes these bits. + +Looking at the categories provided: instruction, syscall, runtime. The problem described seems to be about how an instruction (`feq.s`) is handling data (the lowest 32 bits), which falls under an instruction-level bug. It's not related to system calls or runtime errors elsewhere in the program. + +So, I think this should be categorized as "instruction." +</think> + +The issue pertains to how the `feq.s` instruction handles 32-bit values within a 64-bit architecture. This is an instruction-related bug. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1245543 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1245543 new file mode 100644 index 000000000..dd4cfd68b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1245543 @@ -0,0 +1,9 @@ +<think> +Okay, so I'm trying to figure out how to classify this QEMU bug report. The user mentioned that QEMU 1.5.0 has an incorrect implementation of the SSE4.1 pmovzxbw instruction and similar ones. They provided a test program where on real hardware it outputs correctly extended values, but in QEMU, only the first element is correct, and the rest are zeros. + +Looking at the possible categories: instruction, syscall, or runtime. The issue seems to be with how QEMU handles specific SSE instructions, so it's about an incorrect implementation of an instruction rather than a system call or runtime error elsewhere. + +So, I think this falls under the "instruction" category because it's directly related to how a particular CPU instruction is being handled by QEMU. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1248168 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1248168 new file mode 100644 index 000000000..e0a89824c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1248168 @@ -0,0 +1,19 @@ +<think> +Alright, I'm trying to help classify this bug report related to QEMU. The user provided some MIPS assembly code and described an issue where self-modifying code doesn't work as expected in the uncached kseg1 memory region. Specifically, the `swr` instruction at line 384 is supposed to change another instruction to a `nop`, but it's not behaving as intended. + +First, I need to understand what each category means. The options are "instruction," "syscall," or "runtime." + +- **Instruction**: This would involve issues with specific machine instructions causing problems. +- **Syscall**: Problems related to system calls. +- **Runtime**: Other runtime errors that don't fall into the above two. + +Looking at the bug report, it's about self-modifying code not working correctly. The user expects a change in memory (via `swr`) to alter another instruction from `addi` to `nop`. However, since they're using uncached memory, caching shouldn't be an issue. But maybe there's a problem with how the instruction is being handled. + +The key here seems to be that after modifying the instruction, it's not taking effect as expected. This could relate to how the CPU handles instructions, possibly an issue with how instructions are fetched or cached even in uncached regions. Alternatively, it might involve issues with how QEMU emulates the MIPS architecture, especially self-modifying code. + +Since the problem is about modifying instructions and their execution, it's more related to instruction handling rather than system calls or other runtime errors. So I think this falls under "instruction." +</think> + +The bug report discusses an issue where a specific instruction (`swr`) doesn't modify another instruction as expected in uncached memory. This relates directly to how instructions are handled. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1251 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1251 new file mode 100644 index 000000000..b2a398004 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1251 @@ -0,0 +1,13 @@ +<think> +Alright, I'm trying to classify this bug report for QEMU based on the information provided. The user has encountered an issue when compiling and running a 64-bit binary for Octeon using GCC and then running it under QEMU with the Octeon CPU model. The error they received is an "Illegal instruction" signal, which is signal 4 in QEMU. + +First, I need to understand what's happening here. They're compiling a simple hello.c program into a 64-bit binary targeting Octeon. When they run it under QEMU with the specified CPU, it crashes with an illegal instruction error. That suggests that the instruction being executed is not recognized by the emulator or the CPU model. + +The user mentions having a patch for this issue and notes that it's insufficient for emulating all Octeon binaries alone. They also mention additional issues for N32 binaries requiring separate handling. The context provided includes a link to an upload of their hello program, which I can't access directly but is likely the test case they're using. + +Now, looking at the possible categories: instruction, syscall, runtime. The error message points towards an illegal instruction, so that immediately makes me think it's related to how QEMU handles specific instructions on Octeon CPUs. Since the problem arises when executing a binary compiled with Octeon-specific instructions, it's likely that QEMU doesn't fully support those instructions yet or has a bug in handling them. + +So, the category here is "instruction" because the issue revolves around an instruction that's causing an error during execution. It's not related to system calls (syscall) since there's no mention of any syscall failing, nor is it a general runtime error unrelated to specific instructions. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1254786 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1254786 new file mode 100644 index 000000000..4fdc657f2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1254786 @@ -0,0 +1,22 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. The bug is related to QEMU and involves an illegal instruction during debootstrap second stage for a Debian m68k guest. + +Looking at the error message: "qemu-m68k-static: illegal instruction ebc0". That seems to indicate that QEMU encountered an instruction it doesn't recognize or can't handle. The instruction mentioned is EBC0, which I think is specific to the MC68000 architecture. + +The process was running debootstrap's second stage in a chroot environment under QEMU. So during this phase, when trying to execute some code, QEMU hit an illegal instruction and aborted. + +Now, considering the categories: +- Instruction: This seems relevant because it's about an unhandled instruction. +- Syscall: It doesn't mention any system call issues. +- Runtime: While it happens at runtime, the core issue is with handling a specific instruction. + +So the primary problem here is that QEMU's m68k emulator doesn't handle the EBC0 instruction properly. Therefore, this falls under the "instruction" category. +</think> + +The bug report involves an illegal instruction error encountered by the QEMU user-mode emulator when executing the second stage of debootstrap for a Debian m68k guest. The specific error is an illegal instruction (ebc0), which suggests that the QEMU m68k emulator does not handle this instruction correctly. + +(instruction) + +The classification is "instruction" because the bug report describes a problem with handling a specific instruction, EBC0, which is causing an error during execution. This falls under the category of issues related to faulty instructions rather than system calls or other runtime errors. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1267955 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1267955 new file mode 100644 index 000000000..915d9bb1f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1267955 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU not setting the parity flag correctly after an XOR instruction. Let me break it down step by step. + +First, the problem occurs when using the `xor %eax,%eax` instruction (opcode 31 c0). After executing this instruction, the parity flag isn't set as expected. However, if we replace this with `sub %eax,%eax` (29 c0), the parity flag works correctly. + +I know that both XOR and SUB instructions can be used to zero out a register. But the difference lies in how they affect the flags. The XOR instruction should clear all bits, including the parity flag because it's setting EAX to zero. On the other hand, the SUB instruction also zeros EAX but might handle the flags differently. + +The user tested this with both QEMU 1.7.0 and 1.7.50 on Debian Sid, so it's consistent across these versions. The output when using XOR results in a different value than expected (46 vs B2), which suggests that the parity flag isn't being set correctly by QEMU after XOR. + +Since this issue is about how an instruction affects the CPU flags, specifically the parity flag, it falls under how QEMU emulates instructions. Therefore, it's related to an incorrect handling of the instruction's effect on the processor state. + +Looking at the categories provided: instruction, syscall, runtime. The problem isn't with a system call (syscall) nor is it a general runtime error. It's specifically about how the XOR instruction modifies the CPU flags, which means it's an instruction-level issue. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1283519 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1283519 new file mode 100644 index 000000000..a5d8a41d8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1283519 @@ -0,0 +1,29 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU not correctly mapping certain PowerPC Altivec rounding instructions. The user mentioned that when using ppc-linux-user or qemu-ppc on a PPC ELF executable, QEMU misidentifies the vrfim, vrfin, and vrfiz instructions. Specifically: + +- If the binary has vrfim, QEMU sees it as vrfiz. +- If it's vrfin, QEMU thinks it's vrfim. +- And if it's vrfiz, QEMU interprets it as vrfin. + +But vrfip is correctly recognized. + +These instructions are part of the Altivec vector operations and handle rounding modes: zero (z), infinity (p), minus infinity (m), or nearest (n). So they're used for controlling how floating-point numbers are rounded in vector operations. + +The question asks to classify this bug into one of three categories: instruction, syscall, or runtime. The user wants just the category name as a response. + +First, I need to understand what each category entails: + +1. **Instruction**: This would involve issues with how specific CPU instructions are handled by QEMU. If the problem is that certain instructions are being misinterpreted or not executed correctly, this falls under instruction. + +2. **Syscall**: This relates to system calls. If the bug had to do with incorrect handling of syscalls (like open, read, write), it would be here. + +3. **Runtime**: This covers other runtime errors, like memory management issues, threading problems, etc. + +In the given bug report, the issue is clearly about specific instructions being misclassified by QEMU. The problem occurs during instruction decoding or execution, leading to incorrect behavior when these Altivec rounding operations are encountered. + +So, since it's an issue with how certain CPU instructions are recognized and processed, the correct category should be "instruction". +</think> + +The bug report describes a problem where specific PowerPC Altivec rounding instructions are being incorrectly mapped by QEMU. This is directly related to the handling of individual CPU instructions, which falls under the "instruction" category. + +(instruction) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1308381 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1308381 new file mode 100644 index 000000000..73f6dd810 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1308381 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out what category this bug falls into. The user provided some information about an illegal instruction happening when running a test case on QEMU using AArch64. They mentioned specific intrinsics like vqmovunh_s16 and others that are being compiled into SQXTUN instructions with different data sizes (B, H, S). + +The problem is that these instructions aren't supported by QEMU, leading to an illegal instruction error when the test runs. I remember that in QEMU, if it doesn't recognize certain instructions, it throws an error because those instructions aren't implemented yet. + +Looking at the categories given: instruction, syscall, runtime. Since the issue arises from specific ARMv8 instructions not being handled by QEMU, this seems to be related to how QEMU processes these particular instructions. It's not a problem with system calls or something that happens during normal runtime operations beyond handling instructions. + +So, it must fall under the 'instruction' category because it's about QEMU not supporting certain ARMv8 instructions, which leads to an illegal instruction error. +</think> + +The issue pertains to specific ARMv8 instructions (SQXTUN) not being supported by QEMU, causing an illegal instruction error. This is directly related to how QEMU handles these instructions. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1328996 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1328996 new file mode 100644 index 000000000..c06be4e28 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1328996 @@ -0,0 +1,15 @@ +<think> +Okay, so I need to classify this bug report about QEMU handling the blr x30 instruction incorrectly on AArch64. Let me go through this step by step. + +First, the problem is that when using "blr x30" in an executable called "bad", nothing gets printed. But it should print "func", which it does correctly when "blr x9" is used instead. The report mentions that there's no restriction on using x30 (which is the link register LR) with blr according to the ARMv8 manual, but QEMU isn't handling it right. + +I remember that blr is a branch instruction that uses a register as the target address. In this case, it's trying to branch to the value stored in x30, which should be valid because x30 is LR and holds return addresses. So, if "blr x9" works but "blr x30" doesn't, the issue must be with how QEMU handles blr when x30 is the source register. + +Looking at the categories provided: instruction, syscall, runtime. The bug seems to be related directly to how an instruction (blr) is being executed or interpreted by QEMU. Since it's about handling a specific instruction incorrectly, that points towards the "instruction" category. + +I should make sure I'm not mixing this up with other categories. It's not a system call issue because it doesn't involve interacting with the OS via syscalls. Also, it's not a runtime error in the sense of memory management or resource issues. The problem is specifically about the execution of an instruction, so "instruction" fits best. +</think> + +The bug report concerns QEMU incorrectly handling the blr x30 instruction on AArch64. This issue directly relates to how the instruction is executed by the emulator. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1339 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1339 new file mode 100644 index 000000000..85e5180c5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1339 @@ -0,0 +1,22 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. The user provided a scenario where they're encountering an assertion failure when running specific RISC-V instructions under QEMU. + +Looking at the code they executed: +- They set up a vector register using vsetvli with parameters e16 and m1. +- Then they tried to perform a conversion from single-precision to half-precision using vfncvt.rtz.x.f.w, which seems incorrect because the instruction's operands don't match. The correct form should be either .f.h for converting float to half or .x.f for integer to float. + +The error message mentions an assertion failure in QEMU's translate.c file, specifically that ctx->insn_start is NULL. This suggests that during the decoding of the instruction, something unexpected happened—possibly because the instruction was not recognized correctly. + +Since the problem arises from executing specific instructions and leads to a fault in the emulator while translating the code, it points towards an issue with how the instruction is handled by QEMU. It's likely that either the instruction itself isn't implemented correctly or there's an error in handling its operands. + +Considering the categories: +- Instruction: This relates directly to issues with specific instructions causing problems. +- Syscall: Not relevant here since no system calls are mentioned. +- Runtime: The issue happens at runtime when executing code, but it's tied to a specific instruction. + +Therefore, this bug is best classified under "instruction" because it stems from the processing of an incorrect or unhandled RISC-V vector instruction by QEMU. +</think> + +The error occurs due to using an invalid instruction combination in QEMU. The `vfncvt.rtz.x.f.w` instruction with these operands isn't supported, leading to a decode failure. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1370 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1370 new file mode 100644 index 000000000..a3a285be1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1370 @@ -0,0 +1,21 @@ +<think> +Alright, so I need to figure out how to classify this bug report as part of QEMU. The issue is about x86 instructions BLSI and BLSR having different results compared to the CPU, specifically regarding the CF flag being opposite. + +First, let me understand what these instructions do. BLSI (Bitwise Logical Shift Left Immediate) and BLSR (Bitwise Logical Shift Right) are BMI1 (Bit Manipulation Instructions) introduced in Intel processors around 2013. They perform shifts on a register by an immediate value and also affect the carry flag (CF). + +The problem described is that when these instructions are run, the CF flag's result doesn't match what the CPU would produce. The user provided an example where compiling code using these instructions in assembly leads to incorrect CF values after execution. + +Now, looking at the possible categories for classification: instruction, syscall, runtime. I need to determine which one fits best. + +- **Instruction**: This category refers to bugs related to how specific CPU instructions are handled. If QEMU is not emulating BLSI and BLSR correctly, especially regarding flags like CF, this would fall under faulty instruction handling. + +- **Syscall**: This would involve issues with system calls, which isn't the case here since the problem is about assembly instructions, not interactions with the operating system's syscalls. + +- **Runtime**: This is broader and covers other runtime errors. However, since the issue is specific to how certain instructions are executed, it's more precise to classify it under instruction-related bugs. + +Given that the bug directly relates to the incorrect handling of BLSI and BLSR instructions and their effect on the carry flag, the most appropriate category is "instruction." The problem lies in how QEMU emulates these specific CPU operations, leading to discrepancies between the expected (CPU) and actual (QEMU) results. +</think> + +The bug pertains to incorrect handling of specific x86 instructions (BLSI and BLSR), particularly affecting the carry flag. This falls under faulty instruction emulation. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1371 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1371 new file mode 100644 index 000000000..1b84c2e3e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1371 @@ -0,0 +1,15 @@ +<think> +Okay, so I need to classify this bug report about QEMU related to the BLSMSK instruction. Let me read through the problem description again to understand what's going on. + +The user provided an example where they compiled some assembly code that uses the BLMSMK instruction with specific operands. When executed, there's a discrepancy between the CPU result and QEMU's result regarding the carry flag (CF). The CPU shows CF as 0, while QEMU shows it as 1. + +Hmm, BLSMSK is an x86 instruction used in bit manipulation, part of the BMI2 extensions if I recall correctly. It sets a mask based on the trailing zeros in the source operand. So, any issues here would likely be related to how QEMU emulates this specific instruction. + +Looking at the categories provided: instruction, syscall, runtime. Since the problem is directly tied to an assembly instruction (BLSMSK) not behaving as expected compared to a real CPU, it's about how that particular instruction is handled in QEMU. So, the bug is in the implementation of that instruction within QEMU. + +Therefore, this falls under the "instruction" category because it's specifically about the handling of an instruction leading to incorrect results. +</think> + +The issue pertains to how QEMU handles a specific x86 instruction (BLSMSK), causing incorrect behavior compared to real CPUs. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1372 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1372 new file mode 100644 index 000000000..53d452040 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1372 @@ -0,0 +1,20 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue is about the BEXTR instruction producing different results between QEMU and the CPU. The user provided assembly code where after executing BEXTR, RAX has a value in QEMU that's different from what it should be on real hardware. Specifically, the correct result is 0x5a according to the CPU, but QEMU gives 0x635a775a. + +I know that BEXTR is an x86 instruction used for bit extraction. The problem mentions that QEMU doesn't consider the operand size limit. This suggests that there's a bug in how QEMU handles this specific instruction. + +Looking at the categories: + +- **Instruction**: This would be if the issue relates to how instructions are handled or emulated. +- **Syscall**: If it were a system call error, but there are no syscalls mentioned here. +- **Runtime**: Errors that occur during execution not related to instructions. + +Since the problem is specifically about an instruction (BEXTR) and its handling leading to incorrect results, this falls under the instruction category. The emulator isn't processing BEXTR correctly, which affects the outcome of the program. So, the correct classification is 'instruction'. +</think> + +The bug report describes an issue with how the BEXTR instruction is handled in QEMU, leading to incorrect results compared to a real CPU. + +**Answer:** +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1373 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1373 new file mode 100644 index 000000000..d89113c24 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1373 @@ -0,0 +1,26 @@ +<think> +Okay, so I'm looking at this bug report for QEMU related to x86 instructions ADOX and ADCX. The user provided a code snippet that when compiled and run, shows a discrepancy between the CPU's result and QEMU's output regarding the OF (Overflow Flag). On the CPU, OF is 0 after executing the instruction, but in QEMU, it's set to 1. + +First, I need to understand what ADOX and ADCX do. From my knowledge, these are carry-less multiplication instructions used for operations like GF(2^k) polynomial multiplication, commonly used in cryptography. The ADOX (Add with XOR of operands and OR result) is a bit tricky because it's not your standard addition. + +Looking at the code provided: + +```asm +push 512; popfq; +mov rax, 0xffffffff84fdbf24; +mov rbx, 0xb197d26043bec15d; +adox eax, ebx; +``` + +The first instruction pushes 512 onto the stack and then pops it into EFLAGS. Since 512 in binary is 1000000000, which sets the OF (bit 11) to 1 because EFLAGS are manipulated here. + +Then, rax and rbx are loaded with specific values. After that, the ADOX instruction is executed on eax and ebx. The result of this operation in QEMU sets OF incorrectly compared to the CPU. + +The user mentions that ADCX also has a similar issue but relates to the carry flag (CF). However, in this case, it's specifically about OF with ADOX. + +So, categorizing this bug: It's related to how certain instructions are handled by QEMU. Since the problem occurs during the execution of specific x86 instructions leading to incorrect flags being set, this falls under an instruction-level issue. + +The possible categories given are instruction, syscall, and runtime. This isn't a system call error nor does it relate to general runtime issues beyond specific instruction handling. Therefore, the appropriate category here is 'instruction'. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1374 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1374 new file mode 100644 index 000000000..acf51e2da --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1374 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report related to QEMU as either an instruction issue, a syscall problem, or a runtime error. Let me read through the details carefully. + +The problem is about the BZHI instruction in x86 not producing the correct result when compared to the CPU. The steps involve assembling some code that uses BZHI, and then observing discrepancies between QEMU's output and the actual CPU's output. Specifically, RAX and the SF flag are different. + +BZHI is a specific x86 instruction, so it seems like this bug is directly related to how QEMU handles this particular instruction. The fact that the result differs suggests there might be an issue in how the BZHI operation is implemented in the emulator. + +Since the problem arises from executing an assembly instruction and not from system calls or runtime environment issues, it's most likely an instruction-related bug. Therefore, I should categorize this under "instruction". +</think> + +The bug report describes a discrepancy with the BZHI instruction execution between QEMU and the CPU, indicating a faulty instruction handling. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1375 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1375 new file mode 100644 index 000000000..f92c8bc05 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1375 @@ -0,0 +1,14 @@ +<think> +Alright, let me try to figure out how to classify this bug report. The user provided a detailed issue about SSE/SSE2/SSE3 instructions handling NaNs incorrectly in QEMU compared to real CPUs. They included code that uses assembly instructions and observed different results between CPU execution and QEMU. + +First, the problem is related to instruction handling because it mentions specific SSE instructions like addsubps not behaving as expected with NaN values. The issue arises during the execution of these instructions, leading to incorrect results in QEMU versus a real CPU. + +The user also provided steps to reproduce, which involves compiling code that uses inline assembly, pushing certain values onto the stack, and then performing an addsubps operation on XMM registers. This suggests it's not a syscall issue because it doesn't involve system calls; instead, it's about how instructions are executed in the CPU emulator. + +Looking at the possible categories: instruction, syscall, runtime. Since the bug is directly related to the handling of specific CPU instructions and their semantics with NaNs, the appropriate category would be 'instruction'. It's not a runtime error in general because it specifically points out incorrect behavior of certain instructions. +</think> + +The issue pertains to how QEMU handles specific SSE/SSE2/SSE3 instructions when dealing with NaN values. The problem is directly related to the implementation of these instructions and their expected behavior as per Intel's manual, indicating a faulty instruction handling. + +**Answer:** +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1376 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1376 new file mode 100644 index 000000000..088b05217 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1376 @@ -0,0 +1,23 @@ +<think> +Alright, so I'm trying to classify this bug report related to QEMU. The issue is about the LSL and LAR instructions causing QEMU to crash, whereas according to the CPU behavior, these instructions should just do nothing (nop) if there's an invalid segment descriptor. + +First, let me break down what the problem says. When using LSL or LAR in assembly code with invalid operands, the CPU doesn't execute them and leaves the ZF flag cleared without loading anything into the destination operand. But when this happens in QEMU, it crashes instead of behaving like a nop. + +Looking at the provided code example: + +void main() { + asm("mov rax, 0xa02e698e741f5a6a"); + asm("mov rbx, 0x20959ddd7a0aef"); + asm("lsl ax, bx"); +} + +The LSL instruction here is trying to load a segment limit from an invalid source. According to the manual, this should result in a nop and clear ZF. However, QEMU crashes instead. + +Now, considering the categories: instruction, syscall, runtime. The bug report mentions that the issue arises with specific instructions (LSL and LAR). It's not related to system calls or other runtime errors; it's specifically about how these instructions are handled. + +So, this seems like a problem with how QEMU handles certain instructions. It's not crashing due to a system call error but because of how it processes the LSL instruction when given invalid operands. +</think> + +The bug report is related to how QEMU handles specific instructions (LSL and LAR). + +**Answer: instruction** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1404690 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1404690 new file mode 100644 index 000000000..a79b99ebf --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1404690 @@ -0,0 +1,30 @@ +<think> +Okay, so I'm trying to figure out why Qemu crashes when I run certain commands like 'ls' or an invalid command inside a chrooted m68k environment using qemu-m68k 2.2.0. Let me start by understanding what's happening. + +I set up binfmt_msc to handle m68k binaries, and I have a small program that execs qemu with some arguments including '-strace'. This setup works for running shells like bash or ash, but when I try commands that probably involve more complex operations or perhaps syscalls, Qemu crashes. The error message mentions an illegal instruction at 0x0000 @ f6fffa30 and gives a stack trace of registers. + +First, I need to consider possible causes. Since it works for simple commands but not others, maybe the issue is with how certain instructions or syscalls are handled by Qemu. The crash happens during an 'ls' command, which involves file system operations—reading directories, accessing files, etc. Maybe these operations trigger a syscall that Qemu isn't handling correctly. + +Looking at the error message: "Illegal instruction: 0000 @ f6fffa30". The address is in user space (as indicated by the 'f' prefix in some contexts), so it's not a kernel issue but something happening within the chrooted process. The illegal instruction could be an unexpected or unsupported opcode for the m68k CPU. + +I should check what instruction is at that address. If I can dump the memory around f6fffa30, maybe using gdb attached to Qemu, I can see if it's a known problematic instruction. Alternatively, perhaps this is a bug in how Qemu emulates certain instructions when running under strace or with specific CPU settings. + +Another angle: the '-strace' option enables tracing of system calls. Maybe there's an interaction between the tracing and the way syscalls are handled that causes Qemu to misbehave. I could try running without '-strace' to see if the issue persists, which would help determine if strace is involved. + +Also, since this happens when running commands that likely make more complex syscalls, it might be a problem with how those particular syscalls are implemented in Qemu's m68k target. For example, maybe some syscalls aren't fully emulated or have bugs in their implementation. + +I should also consider updating Qemu to a newer version if possible, as there might have been fixes for such issues since 2.2.0. However, the user is specifically using that version, so perhaps it's an older bug that hasn't been fixed yet. + +To debug further, I could try: + +1. Running without '-strace' to see if the issue still occurs. +2. Checking what instruction causes the crash by examining memory at f6fffa30. +3. Testing with different commands to see if specific syscalls are problematic. +4. Looking for similar issues in Qemu's bug reports or mailing lists. + +If it turns out that the issue is due to a faulty instruction being executed, then it would fall under the 'instruction' category. If it's related to handling syscalls incorrectly, then it might be a 'syscall' issue. Otherwise, if it's another runtime problem, like memory management or threading, then it would be 'runtime'. + +Given that the error is an illegal instruction, I'm leaning towards the 'instruction' category. But without more info on why that instruction is being executed, it's hard to say definitively. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1428352 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1428352 new file mode 100644 index 000000000..942048f7e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1428352 @@ -0,0 +1,15 @@ +<think> +Alright, let's try to figure out what category this bug report falls under. The user mentioned it's part of QEMU and provided details about a problem with the SYSRET instruction implementation. + +Looking at the report, the issue is related to how the SYSRET instruction handles loading the stack selector (%ss) register. According to Intel's documentation, when returning to user mode using SYSRET, the instruction should reload %ss from IA32_STAR bits 63:48, add 8, and then OR with 3 to set the privilege level to 3. + +In the provided code snippet for helper_sysret(), it seems that the OR with 3 step is missing when setting SS.Selector. This leads to %ss not having the correct privilege level bits set, causing issues like crashes during interrupts in user mode. + +The problem here isn't a system call error or something happening at runtime per se; it's specifically about the implementation of an instruction (SYSRET) within the emulator. The code isn't executing as expected because the instruction isn't handling a specific case correctly. + +So, this seems to be an issue with how QEMU implements the SYSRET instruction. It's more about the instruction's faulty behavior rather than runtime errors or system call problems. +</think> + +The bug report identifies an incorrect implementation of the SYSRET instruction within QEMU, specifically regarding how it sets the stack selector (%ss) privilege level. This falls under issues related to instructions. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1441 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1441 new file mode 100644 index 000000000..d4fb39eb0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1441 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. The user provided a detailed description where they encountered an assertion failure when executing a specific RISC-V instruction, `vfncvt.rtz.x.f.w`. + +First, let's break down what happened. They wrote a C program that uses the RISC-V vector instructions. When compiling and running this program using QEMU with certain CPU features enabled, it crashes with an assertion error at `target/riscv/translate.c:211`, specifically complaining about `ctx->insn_start != NULL`. + +The problem started appearing after a specific commit in QEMU's history, which suggests that the bug might be related to changes made in that commit. The program they provided involves vector operations—loading doubles into a vector register, converting them using `vfncvt_rtz_x_f_w_i32mf2`, and then storing the result. + +Now, considering the categories given: instruction, syscall, runtime. I need to determine which one this bug falls under. + +The assertion failure is happening in the translation process of QEMU when handling an instruction. The error message points to `decode_save_opc` function, where it expects `ctx->insn_start` to be non-null. This suggests that during the decoding of the `vfncvt.rtz.x.f.w` instruction, something went wrong with how the instruction is being handled by QEMU's translation layer. + +Since this is directly related to the processing of a specific RISC-V vector instruction (`vfncvt.rtz.x.f.w`), it seems like an issue with how QEMU handles or translates that particular instruction. Therefore, the bug report is about a faulty instruction leading to an assertion failure in the emulator. + +So, putting it all together, this bug should be classified under "instruction" because it's related to handling a specific instruction causing QEMU to crash. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1452 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1452 new file mode 100644 index 000000000..b5bb5f5b9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1452 @@ -0,0 +1,17 @@ +<think> +Alright, I'm trying to classify this bug report about Tricore supporting shuffle and syscall instructions within QEMU. Let me break it down step by step. + +First, looking at the instruction part—shuffle. Shuffle operations are typically related to how data is manipulated within registers or memory. If there's a fault here, it would fall under the "instruction" category because it's about executing an incorrect or unsupported CPU instruction. + +Next, considering the syscall instruction. Syscalls involve interactions with the operating system, so any issues here might relate to how QEMU handles system calls during runtime. This could touch on whether the syscall is being correctly processed or if there are errors in that process. + +The categories provided are "instruction," "syscall," and "runtime." The bug report mentions both shuffle and syscall, but I need to determine which category best fits. Since Tricore support includes both instructions and system calls, but the mention of shuffle leans towards an instruction-level issue. However, syscall is a specific type of instruction that interacts with the OS. + +But wait, the classification options don't allow combining categories. The primary focus seems to be on supporting these instructions in QEMU. Therefore, if the issue is about implementing or correctly handling these specific instructions (shuffle and syscall), it might fall under "instruction." + +Alternatively, if the problem arises during runtime when executing a syscall, it could fit into "runtime." However, since the report mentions support for both shuffle and syscall, which are types of instructions, I think the most appropriate category is "instruction." +</think> + +The bug report discusses supporting specific CPU instructions (shuffle and syscall) in QEMU, indicating issues with handling these instructions. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1469342 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1469342 new file mode 100644 index 000000000..f76f8038d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1469342 @@ -0,0 +1,19 @@ +<think> +Okay, so I have to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through it again and understand what's going on. + +The user is reporting an issue with QEMU-i386 when using the -cpu pentium3 option from 2015. They mention that a binary containing a 'movsd' instruction (which is part of SSE2) runs flawlessly in this setup, but according to their understanding, it should crash because Pentium 3 processors only have SSE, not SSE2. + +Hmm, so the problem here seems to be related to how QEMU handles instructions on different CPU types. The movsd instruction requires SSE2 support, which wasn't available on Pentium 3 chips. Therefore, when such an instruction is executed on a P3, it should cause an illegal instruction exception (SIGILL). But in this case, QEMU isn't doing that; the program runs without any issues. + +Looking at the categories: + +- **Instruction**: This would involve issues with how instructions are handled or emulated. +- **Syscall**: Problems related to system calls. +- **Runtime**: Other runtime errors not covered by the above. + +In this bug report, the issue is specifically about an instruction (movsd) that shouldn't be supported on a Pentium 3 being executed without error. This points directly to how QEMU handles instructions for different CPUs. The emulator isn't correctly identifying or handling the SSE2 instruction when running in Pentium 3 mode. + +So the problem lies with the instruction emulation, meaning it's an instruction-related bug. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1471 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1471 new file mode 100644 index 000000000..344f316c8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1471 @@ -0,0 +1,27 @@ +<think> +Alright, I need to classify this bug report for QEMU into one of the given categories: instruction, syscall, or runtime. Let me go through each part step by step. + +First, the problem is that when running an amd64 build of curl using qemu-x86_64, it's throwing a SSL error related to bad signature during key exchange. The same setup works with aarch64 and previous commits, so something changed in commit 16fc5726a6. + +The user ran a git bisect and found that this specific commit introduced the issue. They also mentioned that the problem persists at the current tip of the repository, which suggests it's not just a temporary bug but something deeper. + +Looking at the error message: curl is failing with an SSL error about bad signature during key exchange. That points to issues in how the SSL/TLS handshake is handled by the emulated environment. So it's related to cryptographic operations or perhaps how QEMU handles certain instructions or system calls that are critical for SSL/TLS. + +Now, considering the categories: + +1. **Instruction**: If the bug was due to a faulty instruction being executed incorrectly by QEMU, this would fall here. For example, if an x86_64 instruction wasn't emulated properly, leading to incorrect computations in curl's SSL process. + +2. **Syscall**: This category would be relevant if there were issues with system calls made by the guest OS or application that QEMU failed to handle correctly. For example, if a syscall related to network or cryptography wasn't implemented properly. + +3. **Runtime**: This is for other runtime errors not covered by instructions or syscalls. Issues like memory management, timing problems, or unexpected behavior during execution would fit here. + +In this case, the SSL error suggests that the problem arises during the execution of the program (curl) when performing cryptographic operations. Since the aarch64 version works but the x86_64 doesn't, it's likely related to how QEMU emulates certain instructions or handles specific operations needed for SSL/TLS. + +I'm leaning towards **instruction** because SSL/TLS heavily relies on cryptographic operations that are often handled by specific CPU instructions. If QEMU is not correctly emulating these instructions, especially in the amd64 target, it could lead to incorrect calculations and thus SSL handshake failures. + +However, I should also consider if this could be a syscall issue. Maybe the way QEMU handles certain syscalls related to cryptography or network operations has changed, causing issues for x86_64 but not aarch64. But since curl is using its own SSL implementation (like OpenSSL), which relies on CPU instructions rather than syscalls, it's more likely an instruction emulation issue. + +Therefore, the most appropriate category is **instruction**. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1512 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1512 new file mode 100644 index 000000000..fab30ca62 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1512 @@ -0,0 +1,18 @@ +<think> +Okay, so I need to classify this bug report about AVX/AVX2 not being detected correctly in user mode within QEMU. The categories are instruction, syscall, or runtime. + +First, understanding what each category means: +- Instruction: Issues with specific CPU instructions. +- Syscall: Problems related to system calls. +- Runtime: Other runtime errors not covered by the above. + +The bug is about AVX/AVX2 detection failing in user mode. QEMU is an emulator that deals with virtualization and emulating CPUs. AVX and AVX2 are instruction sets, so it's related to how instructions are handled. + +Since the issue is about detecting these instruction sets, which are part of CPU instructions, it likely falls under the 'instruction' category. It's not a syscall issue because it's not about system calls; it's more about CPU features. Also, it's not a general runtime error but specifically related to instructions. + +So I think the correct category is 'instruction'. +</think> + +The bug involves AVX/AVX2 instruction detection issues, which relates to handling CPU instructions in QEMU. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1536 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1536 new file mode 100644 index 000000000..6e9f6a9de --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1536 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. The problem is that some test programs using specific VSX instructions (vextractbm, vextracthm, vextractwm, vextractdm) fail on qemu-ppc64 but not on qemu-ppc64le. + +First, I'll analyze the issue. These are vector extract instructions in PowerISA, used for extracting bits from a mask into a register. The tests work on little-endian (ppc64le) but fail on big-endian (ppc64). This suggests an endianness issue or something specific to how these instructions are handled in the emulator. + +The user provides steps to reproduce using both a custom test and Google Highway's unit tests, which compiles and runs under QEMU. The problem occurs at runtime when executing these specific instructions, leading me to think it's related to how QEMU emulates these instructions on ppc64. + +Looking at the possible categories: instruction, syscall, or runtime. The issue is not a system call error because it's about vector operations. It's also not a general runtime error unrelated to any particular operation but rather specific to certain instructions. + +So, this seems like a problem with how QEMU handles these specific instructions on big-endian PowerPC64. Therefore, the bug falls under the "instruction" category because it involves incorrect handling of specific CPU instructions by the emulator. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1547 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1547 new file mode 100644 index 000000000..4b27dccdf --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1547 @@ -0,0 +1,13 @@ +<think> +Okay, I'm trying to classify this bug report about QEMU and POWER9 emulation. The user mentioned that when using compiler optimizations (like -O2) with gcc 11.3 or later, comparing two floating-point memory operands gives incorrect results. They provided steps to reproduce, including building the code and running it in QEMU. + +First, I need to understand what's happening here. The issue arises during runtime because the problem occurs when executing the compiled binary inside QEMU. It's not a compile-time error or something related to system calls; instead, it's about how QEMU emulates certain instructions on the POWER9 architecture. + +The bug report suggests that the comparison of floating-point numbers isn't working as expected under emulation. This points towards an issue with how specific instructions are handled by QEMU when optimizations are applied. Since it's a runtime error related to instruction handling, I think this falls under the 'instruction' category because it involves the incorrect execution or interpretation of certain CPU instructions during emulation. + +I should also consider other categories: 'syscall' would involve issues with system calls, which isn't mentioned here. 'Runtime' is broader and could include various runtime errors not tied to specific instructions. But since the problem is specifically about floating-point comparisons (which are CPU instructions), 'instruction' seems more precise. +</think> + +The issue pertains to incorrect handling of floating-point comparison instructions under emulation, making it an instruction-related bug. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1553 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1553 new file mode 100644 index 000000000..c411846e6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1553 @@ -0,0 +1,29 @@ +<think> +Okay, so I'm trying to figure out what category this bug falls into. The user provided a build error when compiling QEMU on Windows 10 using MSYS2 and GCC. The error message is about an implicit declaration of a function called 'qemu_close_to_socket' in the file spice-core.c at line 152. + +First, I need to understand what each category means: + +- **Instruction**: This would involve issues with specific instructions in the code that aren't working correctly. +- **Syscall**: Problems related to system calls, like using incorrect syscalls or handling them improperly. +- **Runtime**: Errors that occur when the program is running, not during compilation. + +Looking at the error message, it's a build-time issue. The compiler is complaining about an implicit function declaration. That means the function 'qemu_close_to_socket' isn't declared before it's used in the code. So, when the compiler sees this line: + +```c +qemu_close_to_socket(watch->fd); +``` + +It doesn't know where this function is defined or declared. The error mentions an implicit declaration and a nested extern issue. This suggests that either the function isn't declared anywhere, or perhaps it's declared in a way that's not visible at this point. + +So, why does this happen? It could be because the header file containing the declaration of 'qemu_close_to_socket' wasn't included in spice-core.c. Alternatively, maybe the function was moved or renamed without updating all references to it. + +Since the issue arises during compilation and isn't about how the code runs, it's not a runtime error. Similarly, it doesn't seem related to system calls directly but more about function declarations. So, this points towards an instruction-level problem because it's an issue with how the code is structured—specifically, missing or incorrect function declarations. + +I also recall that in C, if a function isn't declared before use, the compiler assumes it returns an int and has the correct parameters, but in modern compilers (especially with strict warnings), this leads to errors. So, the fix would likely involve adding the proper declaration of 'qemu_close_to_socket' in the appropriate header file that's included by spice-core.c. + +Therefore, categorizing this, since it's a problem with function declaration and usage within the code structure, the category should be "instruction". +</think> + +The error is due to an undeclared function causing a compilation issue. It relates to missing or incorrect function declarations in the code structure. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1574346 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1574346 new file mode 100644 index 000000000..e59f99887 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1574346 @@ -0,0 +1,15 @@ +<think> +Alright, so I'm trying to classify this bug report about QEMU's TCG mode incorrectly emulating the 'mov' instruction when dealing with segment registers on AMD CPUs. The user mentioned that the current behavior marks the GS segment as unusable and sets its base to zero, which is correct for Intel but not AMD. On AMD, writing 0 to %gs shouldn't change the base. + +First, I need to understand what category this falls under: instruction, syscall, or runtime. + +The bug report specifically talks about how certain instructions (like 'movl %eax, %gs') are being emulated incorrectly in TCG mode for AMD CPUs. It's not related to system calls; it's about the execution of an assembly instruction. So it's more about the handling of specific instructions rather than a syscall error. + +Next, considering whether it's an instruction issue or a runtime problem. Since the problem arises from how the 'mov' instruction is being handled in emulation, it relates directly to the processing of that specific instruction. Therefore, it falls under the instruction category rather than runtime issues, which would involve other runtime errors not tied to specific instructions. + +So, putting it all together, this bug report is about an incorrect handling of a specific instruction ('mov' affecting segment registers) in TCG mode for AMD CPUs, making it fall under the 'instruction' category. +</think> + +The issue described relates to how the QEMU emulator handles specific instructions (like `mov` affecting segment registers) on AMD CPUs. Since it's about the emulation of assembly instructions rather than system calls or general runtime errors, it falls under the instruction category. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1590336 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1590336 new file mode 100644 index 000000000..9ff97d21b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1590336 @@ -0,0 +1,7 @@ +<think> +Alright, I'm looking at this bug report about QEMU not rejecting certain ARM instructions on non-V8 CPUs. The user provided an example where vrintz is executed instead of being rejected on a Cortex-A9 processor. They also included objdump and qemu output showing the instruction being processed. + +The categories to consider are instruction, syscall, or runtime errors. Since the issue is about handling specific ARM instructions incorrectly, it falls under the 'instruction' category. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1594069 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1594069 new file mode 100644 index 000000000..769ee556a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1594069 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. The report talks about SIMD instructions not being translated correctly by QEMU, resulting in scalar host instructions instead of using SIMD. The user mentions that there have been some efforts and even a patch series but no resolution yet. + +First, I should understand what each category means. "Instruction" likely refers to issues with how specific CPU instructions are handled. Since the problem is about SIMD (like NEON, MMX, SSE) not being properly translated into host SIMD instructions, that sounds like it's related to instruction translation or execution within QEMU. + +"Syscall" would involve errors in system calls, which doesn't seem relevant here because the issue isn't about how the guest OS interacts with the host via syscalls but rather about CPU instruction handling. + +"Runtime" issues are other runtime problems. This could be a broader category, but since the problem is specifically about instruction translation and performance, it's more precise to classify it under "instruction." + +So putting it all together, the bug report falls under the "instruction" category because it's about how certain CPU instructions (SIMD) are being mishandled during translation. +</think> + +The issue pertains to how specific CPU instructions (SIMD) are translated by QEMU, leading to suboptimal performance. This is a problem related to instruction handling rather than syscalls or general runtime errors. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1605123 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1605123 new file mode 100644 index 000000000..3ce33eabb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1605123 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU. The user reported an issue with the PEXT instruction returning wrong values when emulated by QEMU. They suspect it's related to how the helper function is called in the translate.c file. + +First, let me understand what each category means. "Instruction" would be if there's a problem with how an instruction is handled. "Syscall" would involve system calls going wrong. "Runtime" covers other runtime errors that aren't instructions or syscalls. + +In this case, the issue is specifically about the PEXT instruction in BMI2 not working correctly. The user ran their program both on QEMU and a physical CPU with BMI2 support and noticed discrepancies. They also suspect the gen_helper_pext function might be incorrectly handling arguments. + +So, since it's directly related to how an instruction (PEXT) is being emulated, this falls under the "instruction" category. +</think> + +The bug report discusses issues with the PEXT instruction in QEMU, specifically regarding incorrect argument handling. This relates directly to how instructions are processed. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1606 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1606 new file mode 100644 index 000000000..8cf6ee216 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1606 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue is about the RISC-V fence.i instruction not working as expected in QEMU. The test involves two threads on different CPUs. P0 changes some code while P1 reads it, does a fence.i, and then executes the same code. The result shows that P1 reads the new code (x5=0xa009) but still executes the old one (x7=1), which is against the specification. + +Fence instructions are used to enforce ordering of memory operations. In RISC-V, fence.i specifically orders instruction fetches. So if fence.i isn't working, it means that after changing code in one thread, another might not see those changes correctly because the fence didn't properly order the instructions. + +The problem is occurring during runtime when P1 executes the code. The issue isn't with a system call (syscall) or a faulty instruction per se, but rather an incorrect behavior of an instruction—fence.i—in how it's implemented in QEMU. + +So this seems to be a bug related to the handling of the fence.i instruction within the emulator. Therefore, the category should be "instruction" because it's about the correct functionality of a specific instruction not being met. +</think> + +The problem is with the behavior of the `fence.i` instruction in QEMU, indicating an issue with how this instruction is handled. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1611394 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1611394 new file mode 100644 index 000000000..03df11c6e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1611394 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. The user provided some information about certain instructions and tests related to the MSR[SPV] flag. Let me break it down step by step. + +First, the bug report mentions that in QEMU's target-ppc/translate.c file, there are several places where tests for MSR[SPV] need to be removed or adjusted. Specifically, they're talking about scalar single-precision floating-point instructions and how they shouldn't generate an interrupt when MSR[SPV] is not set. + +They list five places where these changes are needed: four specific function definitions and a macro that's already correct. Additionally, another macro used by both efs- and efd-instructions needs to be split into two versions because the current implementation isn't handling the efd-case correctly without testing MSR[SPV]. + +Looking at the possible categories—instruction, syscall, runtime—I need to determine which one fits best. + +The issue is about how certain instructions are being handled in QEMU's translation process. It's not a problem with system calls (syscall) or a general runtime error that occurs during execution (runtime). Instead, it's specifically about the way floating-point instructions are being translated and whether they're correctly checking for the MSR[SPV] flag. + +So, this seems to fall under the "instruction" category because it's about how specific instructions are processed. The problem arises from incorrect handling of these instructions in the translation layer, leading to potential errors when running code that uses them. +</think> + +The issue pertains to how certain floating-point instructions are handled during translation, specifically regarding the MSR[SPV] flag. This is related to instruction processing rather than system calls or general runtime issues. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1612 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1612 new file mode 100644 index 000000000..75ddfb9e1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1612 @@ -0,0 +1,13 @@ +<think> +Alright, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue is about SVE (Scalable Vector Extension) first-faulting gather loads returning incorrect data in QEMU. Specifically, when using `ldff1` instructions where `<Zt> == <Zm>`, the loaded vector ends up with duplicated elements, and the FFR incorrectly indicates all loads succeeded. + +Looking at the steps to reproduce, they involve assembly code that uses `ldff1d` instruction. The test shows that instead of loading different values from memory, all elements become 42, which is the first element. This suggests a problem during the execution of this specific SVE instruction in QEMU. + +The additional information mentions that the same code works correctly on real hardware and other gather operations are fine in QEMU. So it's isolated to how QEMU handles this particular instruction under these conditions. + +Given all this, the bug is related to how an instruction (specifically `ldff1d`) is being executed by QEMU, leading to incorrect data handling. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1613817 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1613817 new file mode 100644 index 000000000..15b70ed2a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1613817 @@ -0,0 +1,20 @@ +<think> +Okay, I'm looking at this bug report about QEMU not handling certain return instructions correctly when dealing with non-canonical IP addresses. The user provided some test programs and their outputs on both native CPU and QEMU. + +From what I understand, when a program uses instructions like `iretq`, `lret`, or `ret` with a return address that's not canonical (like 0x1234567812345678), the behavior differs between real hardware and QEMU. On a native CPU, it seems the instruction fails before execution, resulting in a SIGSEGV with the current IP pointing to the failed `iret`. In QEMU, however, the instruction appears to execute successfully, but then an exception is thrown when trying to fetch instructions from that non-canonical address. + +The user wants me to classify this bug into one of three categories: instruction, syscall, or runtime. + +First, I need to determine what's causing the discrepancy. The issue arises during the execution of return instructions (`iretq`, `lret`, `ret`), which suggests it's related to how QEMU emulates these specific CPU instructions. Since the problem is about incorrect handling of the instruction flow and IP addresses, it likely falls under an issue with how instructions are processed. + +Looking at the categories: +- **Instruction**: Pertains to faulty or incorrect handling of CPU instructions. +- **Syscall**: Involves errors in system calls. +- **Runtime**: Other runtime errors not covered by the above. + +In this case, the problem is directly tied to how QEMU handles these return instructions and their associated IP addresses. It's about instruction execution and exception handling, which are core parts of CPU emulation. Therefore, it should be classified under "instruction." +</think> + +The issue relates to incorrect handling of specific CPU instructions by QEMU when dealing with non-canonical IP addresses during return operations. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1620 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1620 new file mode 100644 index 000000000..569734dd3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1620 @@ -0,0 +1,24 @@ +<think> +Okay, so I'm trying to classify this bug report as part of QEMU. The user provided some code and an example where using SME FMOPA instruction gives incorrect results when using tile 1 instead of tile 0. Let me think through this step by step. + +First, looking at the problem description: When they perform an outer product of a vector filled with 1.0s, it should result in a matrix full of 1.0s. However, they're getting zeros when using za1.s but correct results with za0.s. So there's something wrong with how the tiles are being handled. + +The code provided uses SME instructions. I know that SME (Scalable Matrix Extension) introduces vectorized operations for matrix computations. The FMOPA instruction is used here, which stands for Floating-point Matrix Outer Product and Accumulate. It should compute an outer product of two vectors and add it to a matrix tile. + +In the SML, when they execute the FMOPA with za1.s as the destination, after that, when they read from za1v.s, they get zeros instead of ones. But using za0.s works fine. So this seems like an issue with how QEMU handles the FMOPA instruction when it's written to a specific tile (tile 1 in this case). + +Looking at the steps: They compile and run with QEMU, which is where the bug manifests. The output shows all zeros, meaning that either the FMOPA isn't correctly writing to za1.s or reading from it. + +So, considering the possible categories: +- instruction: Faulty instruction described. +- syscall: Error in system call. +- runtime: Other runtime errors. + +The issue seems to be related directly to how QEMU handles the SME instructions, specifically FMOPA when using tile 1. So this points towards an issue with the instruction handling or the emulator's implementation of that instruction. + +Therefore, it's likely an "instruction" category bug because it involves incorrect behavior of a specific assembly instruction within QEMU. +</think> + +The problem relates to how QEMU handles the SME FMOPA instruction when writing to a specific tile, indicating a fault in the instruction processing. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1637 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1637 new file mode 100644 index 000000000..5ec544493 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1637 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report about QEMU crashing when executing `ucomiss` instructions on an AArch64 host. The categories are instruction, syscall, or runtime. + +First, looking at the description: it mentions that the crash happens during the execution of a specific instruction (`ucomiss`). This suggests that the issue is related to how QEMU handles this particular instruction. `ucomiss` is an x86 instruction used for comparing single-precision floating-point values. Since the host is AArch64, which uses a different architecture, QEMU must emulate this instruction. + +The problem here seems to be in the emulation code for `ucomiss`. If the emulation isn't handling the instruction correctly, it could cause unexpected behavior or crashes. This points towards an issue with how the instruction is being processed rather than a system call (syscall) or another runtime error unrelated to specific instructions. + +So, the bug is likely related to the handling of the `ucomiss` instruction during emulation. Therefore, the category should be "instruction." +</think> + +The crash occurs due to issues in emulating the `ucomiss` instruction on AArch64, indicating a problem with how the instruction is handled by QEMU. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1641637 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1641637 new file mode 100644 index 000000000..0fe93adb3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1641637 @@ -0,0 +1,14 @@ +<think> +Okay, I need to figure out how to classify this bug report. The user provided several C code snippets that use inline assembly instructions. When these codes are compiled and run under QEMU, they trigger an illegal instruction error (signal 4). However, when executed on a real machine, the programs work fine. + +Looking at the code examples, each uses specific x86-64 SIMD instructions like `psignw`, `pmulhrsw`, etc. These are part of SSE and AVX instruction sets. The problem arises because QEMU's version (2.7.0) might not support all these instructions or has issues emulating them correctly. + +The user provided information about their system: they're running Ubuntu with a 3.13 kernel, using GCC 4.8.4 and QEMU 2.7.0. The real machine probably supports the necessary instruction sets, but QEMU's emulation is lacking, causing the error. + +So, this issue isn't related to syscalls or runtime errors in general. It's specifically about certain instructions not being handled properly by QEMU. Therefore, it falls under the "instruction" category. +</think> + +The bug report describes issues with specific x86-64 instructions not being correctly emulated by QEMU 2.7.0, leading to illegal instruction errors when running programs that use those instructions. Real hardware supports these instructions, but QEMU's emulation is faulty. + +**Answer:** +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1642 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1642 new file mode 100644 index 000000000..d5d57cd3f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1642 @@ -0,0 +1,13 @@ +<think> +Alright, let's see what this bug report is about. The user mentions that QEMU crashes when emulating an STXP instruction on a Windows host using MSYS2. They've narrowed it down to a specific commit and provided some gdb output. + +The issue seems related to the helper function `helper_atomic_cmpxchgo_le`, which handles atomic compare-and-exchange operations. The crash happens during this operation, specifically when passing I128 arguments. Since the problem is with an instruction (STXP) and how it's being handled in emulation, it falls under the 'instruction' category. + +So, yes, the bug is about a faulty instruction causing a crash. +</think> + +The bug report describes an issue where QEMU crashes while emulating the STXP instruction on a Windows host. The problem arises from incorrect handling of I128 arguments in the helper function for atomic operations. This directly relates to how instructions are processed during emulation. + +**instruction** + +Answer: instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1701821 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1701821 new file mode 100644 index 000000000..0f6be0594 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1701821 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report from QEMU. The user provided several test failures related to floating-point operations on an SH4 CPU. They mentioned that they don't have access to SH4 hardware for comparison. + +First, looking at the categories: instruction, syscall, or runtime. + +The errors seem to involve floating-point functions like coshf, logbf, sinh, etc. These are math functions, so it's possible there's an issue with how these instructions are being handled by QEMU's emulation of the SH4 CPU. + +The bug reports mention "Unhandled trap: 0x1a0" or similar, which suggests that exceptions or traps are occurring during instruction execution. This makes me think it's related to how certain instructions are processed. + +So, since it's about handling specific instructions leading to errors like traps and incorrect floating-point computations, the category should be 'instruction'. +</think> + +The bug report involves issues with instruction processing leading to traps and incorrect floating-point results in QEMU's SH4 emulation. + +**Answer: instruction** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1713066 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1713066 new file mode 100644 index 000000000..87702ec73 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1713066 @@ -0,0 +1,23 @@ +<think> +Alright, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me go through the information provided to figure out where it fits best. + +The bug report talks about an issue with the ldp instruction in QEMU when running on aarch64 architecture. The problem occurs when loading two 64-bit values from memory where each register is loaded from different pages, and one of those pages is unmapped. This leads to an exception being raised, but after handling it, the OS tries to rerun the instruction, causing another error because x0 has already been updated. + +The user references section D.1.14.5 of the ARMv8 manual, which states that on taking an exception, registers used in address generation should be restored to their initial values. However, in this case, x0 is being changed, leading to incorrect behavior when retrying the instruction. + +They mention observing this issue while running FreeBSD with a specific memcpy implementation using similar instructions and saw it in different versions of QEMU. The problem seems to stem from how exceptions are handled during multi-register loads, specifically with the ldp instruction. + +Now, looking at the categories: + +- **Instruction**: This would involve issues directly related to how individual instructions are executed or translated. +- **Syscall**: Issues related to system calls or their handling. +- **Runtime**: Errors that occur during runtime but aren't tied to specific instructions or syscalls. + +The problem here is clearly tied to the execution of the ldp instruction and how QEMU handles exceptions in this context. It's about how registers are updated before an exception occurs, which affects the retry mechanism. Since it's directly related to the handling of a specific instruction and its side effects during memory operations, this falls under an issue with the instruction processing. + +Therefore, the category is 'instruction'. +</think> + +The bug report discusses issues with how QEMU handles the ldp instruction in specific scenarios leading to exceptions. The problem lies in the handling of registers and retries after exceptions, which pertains directly to the execution of instructions. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1722 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1722 new file mode 100644 index 000000000..5b2dbd081 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1722 @@ -0,0 +1,24 @@ +<think> +Okay, so I'm trying to figure out what's going on here. The user has encountered an "Illegal Instruction" error when running their program under QEMU for MIPS N32 architecture. They've provided some details about the issue. + +First, they ran the command `qemu-mipsn32 run` and got a SIGILL (signal 4), which indicates an illegal instruction. Then they tried debugging with GDB and found that the error occurs at address `0x3f7d2434`, which is inside `/lib32/ld.so.1`. When they disassembled this file, they saw an `exts` instruction at offset 0x4434. + +Looking at the disassembly: + +``` +4434: 7047f03a exts a3,v0,0x0,0x1e +... +``` + +The `exts` instruction is part of the MIPS instruction set. The user mentioned they're using QEMU for MIPS N32, which targets 64-bit MIPS processors in N32 mode. + +Now, I remember that in some cases, certain instructions might not be recognized by older or less complete CPU models in QEMU. For example, if the emulator isn't configured to support all the necessary instruction extensions, it could throw an illegal instruction error when encountering such commands. + +So, the problem is likely related to the `exts` instruction not being supported by the current configuration of the QEMU MIPS N32 emulator. This falls under a faulty instruction because the emulator doesn't handle this specific instruction correctly. + +I think the category here should be "instruction" since it's about an unsupported or faulty instruction causing the crash. +</think> + +The error occurs due to the `exts` instruction, which isn't recognized by the QEMU MIPS N32 emulator. This is a problem with handling a specific instruction. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1727737 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1727737 new file mode 100644 index 000000000..0138f7e03 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1727737 @@ -0,0 +1,21 @@ +<think> +Alright, so I'm trying to figure out how to classify this bug report for QEMU. Let's break it down step by step. + +The user reported that several GCC/sanitizer tests are failing with a timeout when run under QEMU. They noticed that this started happening after upgrading from qemu-2.7 to qemu-2.8 and continues in qemu-2.10.1. The provided test case, alloca_instruments_all_paddings.exe, works fine on older versions but hangs on newer ones. + +They attached the necessary libraries and described how to reproduce the issue using the command `qemu-arm -cpu any -R 0 -L $PWD $PWD/alloca_instruments_all_paddings.exe`. The program completes quickly with qemu-2.7 but never finishes with qemu-2.8. + +Using `-d in_asm`, they observed that QEMU seems to stall on a specific instruction: `0x40b6eb44: e08f4004 add r4, pc, r4`. This suggests the issue might be related to how QEMU handles this particular ARM instruction or the context around it. + +Now, considering the categories provided: + +1. **Instruction**: Relates to a faulty instruction causing issues. +2. **Syscall**: Errors during system calls. +3. **Runtime**: Other runtime errors not covered by the above. + +The problem here seems tied to QEMU's handling of an ARM instruction (add with pc and r4). Since it stalls on this specific instruction, it points towards an issue in how QEMU emulates or executes certain instructions. There's no mention of system calls failing, so syscall isn't likely. It also doesn't seem like a general runtime error but rather something specific to the execution of an instruction. + +Therefore, the bug is most likely related to an instruction handling issue within QEMU. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1737 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1737 new file mode 100644 index 000000000..7fe11cac8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1737 @@ -0,0 +1,15 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report for QEMU. The user provided some code and steps to reproduce an issue related to the ssra instruction when using vector lengths of 1024 bits or higher. + +First, let's understand what's going on. The code uses ARM SVE instructions, specifically svsra for both signed and unsigned integers. When running with a vector length of 64, it works correctly, giving an expected result of 64. But when the vector length is increased to 128 or higher, the signed version returns 0 instead of the correct value, while the unsigned one still gives 64. + +The issue seems specific to how QEMU emulates the ssra instruction under certain vector lengths. The problem occurs during runtime because it's about how instructions are executed, not during compilation or system calls. + +Looking at the possible categories: instruction, syscall, runtime. Since this is related to how an instruction (ssra) is handled incorrectly by QEMU, especially for larger vectors, it falls under an issue with the instruction emulation. So, the category should be 'instruction'. + +I don't think it's a syscall error because there are no system calls involved in this example. It's also not a runtime error in the sense of memory management or other general runtime issues; rather, it's specific to how instructions are processed. +</think> + +The bug report describes an issue with the ssra instruction in QEMU when using larger vector lengths. This is specifically related to how the instruction is handled by the emulator. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1738434 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1738434 new file mode 100644 index 000000000..7f18a5084 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1738434 @@ -0,0 +1,13 @@ +<think> +Alright, I'm trying to classify this bug report related to QEMU. The user provided some assembly code that crashes on 64-bit Windows when running under QEMU, but works fine on real systems and VMware. Let me break down what's happening here. + +The code snippet uses a far call with the selector 0x33h. I know that in x86, a far call changes the code segment, which can switch modes if done correctly. In this case, it seems they're trying to use the "Heaven's gate" technique, which is used by some software (like certain games) to switch from 32-bit to 64-bit mode on Windows. + +In QEMU, when running a 32-bit process under WoW64, using selector 0x33h should trigger a far call that switches to 64-bit mode. However, the code crashes in QEMU with an access violation, while it works fine elsewhere. The user also mentions another version of the code with selector 0x23h, which doesn't cause issues. This suggests that the problem is specific to how QEMU handles certain far calls. + +Looking at the possible categories: instruction, syscall, runtime. Since the issue arises from executing a specific assembly instruction (call fword ptr[esp]) and how it interacts with the environment (QEMU vs real/VMware), it's likely an instruction handling bug. The problem isn't in a system call or a runtime error but rather in how QEMU interprets this particular instruction. + +Therefore, the category should be 'instruction'. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1748296 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1748296 new file mode 100644 index 000000000..b1fc0c44f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1748296 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to help classify this bug report for QEMU. The user provided a detailed description about an issue they're encountering when using TCG (the Tiny Code Generator) versus KVM. + +The problem occurs when executing the x86 BMI instruction SHLX under TCG, which throws an Invalid Opcode exception. However, it works correctly with KVM. They have also set up a reproducible environment on GitHub, which is helpful. + +Looking at the description, they mention that the issue is related to incorrect decoding of BMI instructions. Specifically, the VEX prefix for these instructions is two bytes long, and the gen_sse function in translate.c is reaching a certain label but not handling it correctly when 'b' doesn't equal specific values. This leads to an invalid opcode error. + +The possible categories are instruction, syscall, or runtime. Since the problem is clearly related to how the processor decodes and executes specific instructions (SHLX being a BMI instruction), this falls under the category of an issue with the handling of a particular instruction. + +I don't see any mention of system calls or other runtime errors unrelated to instruction execution. The focus is on the incorrect processing of the BMI instruction by TCG, which suggests that the bug is related to how QEMU's TCG handles certain instructions. + +Therefore, the appropriate category for this bug report is "instruction." +</think> + +The issue is about a problem with handling specific x86 BMI instructions in TCG, indicating an instruction-related bug. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1751422 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1751422 new file mode 100644 index 000000000..878044ade --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1751422 @@ -0,0 +1,13 @@ +<think> +Alright, let me try to figure this out step by step. The user has provided a bug report related to QEMU, specifically mentioning translation errors for certain x86 instructions like 'les' and 'lds'. They've also mentioned having a patch but not knowing how to apply it. + +First, I need to classify this bug into one of the given categories: instruction, syscall, or runtime. The issue here is about incorrect translation of specific instructions during the target i386 processing in various versions of QEMU (2.11.1, 2.10.2, etc.). Since these are x86 assembly instructions that aren't being translated correctly by the emulator, this seems to be a problem with how the instructions themselves are handled. + +I'm thinking about what each category entails. 'Instruction' would involve issues where specific CPU instructions aren't executed properly. 'Syscall' relates to system calls not working as expected, and 'runtime' covers other runtime errors that don't fall into the first two categories. Since the problem is directly tied to the translation of certain x86 instructions, it fits under the 'instruction' category. + +Also, considering they have a patch but are unsure how to apply it, this reinforces that the issue is technical and specific to instruction handling within QEMU. +</think> + +The bug report describes issues with translating specific x86 instructions like 'les' and 'lds'. This falls under instruction-related problems. + +**Answer: instruction** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1771 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1771 new file mode 100644 index 000000000..dd416b91a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1771 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU's handling of the CASA instruction on SPARC qemu-user. Let me go through it step by step. + +First, the problem description says that when running a program using the CASA instruction on qemu-sparc with LEON3 CPU, it throws an "Illegal instruction" error. That means the emulator isn't recognizing or handling this specific instruction correctly. + +The user provided a patch which seems to add support for the CASA instruction. The issue arises because currently, in QEMU's code, there's no handling for this instruction when running in user space on SPARC32. The diff shows that the CASA case (0x3c) was previously conditional on either not being in user mode or targeting SPARC64, but they've commented out that condition to include it in user-space translations. + +Looking at the possible categories: instruction, syscall, runtime. + +The problem is clearly about an instruction not being handled properly by QEMU's emulator. The CASA instruction isn't recognized, leading to an illegal instruction error. So this falls under an issue with how instructions are processed. + +I don't think it's a syscall or runtime issue because the error is specific to executing an instruction, not related to system calls or other runtime errors like memory management problems. + +So, the category should be "instruction." +</think> + +The bug report deals with QEMU failing to handle the CASA instruction, which leads to an illegal instruction error. This is a problem with processing a specific instruction in user space for SPARC32. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1780 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1780 new file mode 100644 index 000000000..7981def7e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1780 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to classify this bug report about the PowerPC mishandling the xscmpudp instruction. Let's break it down step by step. + +First, the problem description says that the xscmpudp instruction is being mishandled. The user provided a program where they're using f64::NAN and clamping it between two 0f64 values. They expect the result to be NaN, but when compiled with VSX enabled, the assertion fails. Without VSX, it works fine because it uses fcmpu instead. + +So, what's xscmpudp? I recall that in PowerPC, especially when using VSX (Vector Scalar eXtensions), certain instructions are used for vector operations. xscmpudp is probably one of those. The issue here seems to be that QEMU isn't handling this instruction correctly when it's emitted by the compiler with VSX enabled. + +The program uses clamp on a NaN value. Clamp should return NaN if either argument is NaN, so the assertion expects is_nan() to be true. But when xscmpudp is used (with VSX), it fails, implying QEMU isn't executing that instruction as expected. + +Looking at the categories: instruction, syscall, runtime. This seems related to how an instruction is handled by the emulator. Since the problem arises specifically with the use of xscmpudp and not when using fcmpu, it points towards a problem with the instruction handling in QEMU. + +So, I think this bug falls under the "instruction" category because it's about how a specific instruction (xscmpudp) is being mishandled by QEMU. +</think> + +The issue involves incorrect handling of an instruction by QEMU. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1781281 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1781281 new file mode 100644 index 000000000..16e1f4937 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1781281 @@ -0,0 +1,19 @@ +<think> +Alright, so I'm trying to figure out how to classify this bug report. The user provided some details about an issue they're encountering while working on VSX support in libVPX using QEMU. They mentioned that when they change `vec_sub` to `vec_subs` in a specific file, the QEMU emulator throws an "uncaught target signal 4 (Illegal instruction)" error. + +First, I need to understand what each part of this means. The error message says it's an illegal instruction, which typically happens when the CPU encounters an instruction that it doesn't recognize or can't execute. In this case, since they're using QEMU to emulate a PPC64LE (PowerPC 64-bit little-endian) environment on an x86_64 host, any issues with instructions would be related to how QEMU handles the emulation. + +Looking at the possible categories: instruction, syscall, runtime. The user is asking which category this bug falls into. The error here is about an illegal instruction, which directly relates to a problem with how the CPU interprets or executes an instruction. So that points towards the "instruction" category. + +But I should also consider whether it's something else. Could it be a syscall issue? Well, the error message doesn't mention any system calls failing; instead, it's about an illegal instruction during execution. Runtime errors could include various issues at runtime, but since this is specifically about an instruction causing the problem, it seems more specific than a general runtime error. + +So putting it all together, the bug report describes an issue where changing a vector operation from `vec_sub` to `vec_subs` leads to QEMU encountering an illegal instruction. This suggests that either `vec_subs` isn't implemented correctly in QEMU or isn't recognized as a valid instruction for the target architecture being emulated. + +I think the category here is definitely "instruction" because it's about an unhandled or invalid instruction causing the error, not related to system calls or general runtime issues. +</think> + +The issue arises from an invalid instruction during emulation, specifically `vec_subs`, which QEMU doesn't handle correctly. This falls under the instruction handling category. + +(instruction) + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1790 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1790 new file mode 100644 index 000000000..84762d58b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1790 @@ -0,0 +1,21 @@ +<think> +Alright, let's try to figure out how to classify this bug report about the STGP instruction not writing the second register value to memory in QEMU. + +First, I'll read through the problem description again. The user is using Clang 16 with MTE stack protection enabled, which means they're utilizing ARM's Memory Tagging Extension (MTE) for improved security and debugging of memory issues. In this setup, local variables are tagged, and the compiler often uses the STGP instruction to store two registers' values into memory. + +The specific issue is that when using the STGP instruction with operands x21, x2, [x4], only the value from x21 is being written to memory, while x2's value isn't transferred. This suggests a problem in how QEMU handles the STGP instruction. + +Looking at the code provided, there's a diff showing that the trans_STGP() function wasn't calling finalize_memop_pair(), which is done for similar instructions like STP. The user fixed this by adding two lines to call finalize_memop_pair(), which likely properly sets up the memory operation pair, ensuring both registers are written. + +Now, considering the categories: instruction, syscall, or runtime. + +- Instruction category would involve issues where a specific CPU instruction is not being handled correctly. +- Syscall issues relate to system calls not working as expected. +- Runtime errors are more general and could be related to other runtime problems. + +In this case, the problem arises from how the STGP instruction is being translated in QEMU. The function responsible for translating the instruction wasn't handling both registers properly because it missed a crucial step (calling finalize_memop_pair()). This directly affects the execution of that specific instruction, leading to incorrect memory writes. + +Therefore, the bug is related to an instruction not functioning correctly as expected. It's not about system calls or general runtime issues but specifically about how QEMU processes the STGP instruction. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1793119 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1793119 new file mode 100644 index 000000000..c4b98027a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1793119 @@ -0,0 +1,17 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report related to QEMU. The user provided a detailed description about floating-point operations on AArch64 hardware versus emulation in QEMU. + +The problem is that when FPCR is set to zero (which should make the FPU IEEE-754 compliant), the results of division operations differ between real hardware and QEMU. Specifically, after setting FPCR to zero, the result 'r' doesn't match the expected 'q' in QEMU, but it does on actual hardware. + +I need to categorize this bug into one of three categories: instruction, syscall, or runtime. Let me think about each category: + +1. **Instruction**: This would involve an issue with how a specific instruction is handled by QEMU's emulator. Since the problem arises during a floating-point division (fdiv), which is an AArch64 instruction, it might fall here. + +2. **Syscall**: If the bug were related to system calls or interactions between user and kernel space, this category would apply. But in this case, the issue seems to be with the execution of an FPU instruction, not syscalls. + +3. **Runtime**: This is a catch-all for other runtime errors that don't fall into the first two categories. However, since the problem specifically points to the handling of the fdiv instruction under certain FPCR settings, it's more about instruction emulation. + +The user mentioned that using another OS also shows the same issue between real and QEMU, which suggests it's not an environment-specific problem but rather how QEMU emulates the instruction. Therefore, this is likely a faulty instruction handling in QEMU. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1793608 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1793608 new file mode 100644 index 000000000..8499fe474 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1793608 @@ -0,0 +1,20 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me go through each point step by step. + +First, the problem described is that when running a simple program built for POWER9 on QEMU 3.0.0 in linux-user mode, it crashes with an "illegal instruction" error. The specific instruction causing the issue is lxvwsx, which isn't supported by QEMU. + +From what I understand, lxvwsx stands for "Load Word and Splat Indexed." It's a POWER9 instruction that loads a word into each element of a vector register. The user mentions that when they implemented a workaround—using two separate instructions (load followed by splat)—the tests passed correctly. This suggests that the original issue was with QEMU not handling the lxvwsx instruction properly. + +Looking at the provided information, the bug is directly related to an instruction that QEMU doesn't support. The user's program uses this specific instruction, and since QEMU doesn't recognize it, it throws an illegal instruction error. + +The categories given are: +1. **Instruction**: Faulty instruction handling. +2. **Syscall**: Errors with system calls. +3. **Runtime**: Other runtime errors. + +Since the problem is specifically about an unsupported instruction (lxvwsx) causing the crash, this falls under the "instruction" category. The issue isn't related to any system call or other runtime environment problems but rather a missing or incorrectly handled instruction in QEMU's POWER9 implementation. +</think> + +The bug report is about QEMU not supporting a specific instruction, leading to an illegal instruction error. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1806243 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1806243 new file mode 100644 index 000000000..9d61fd1aa --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1806243 @@ -0,0 +1,32 @@ +<think> +Okay, so I'm trying to figure out this QEMU issue that someone reported. Let's break it down step by step. + +First, the problem is happening when debugging ARM code using GDB and QEMU. The code in question uses Thumb2 instructions, specifically an if-then block. The user says that during normal execution, everything works fine, but when they're debugging, the program hangs at a particular conditional branch instruction. + +Looking at the provided disassembly: + +2000407a: push {lr} +... +2000408e: itt lt +20004090: pushlt {r0, r1} +20004092: blt.w 0x20004082 ; unpredictable <IT:lt> // <-- GDB hangs here +20004096: pop {pc} + +The issue is at the blt.w instruction. The user mentions that when r0 equals r1, the program counter doesn't get updated, so execution stops there. + +They tried to reproduce this with inline assembly in a test function. Interestingly, in their test case, they replaced the original branch address (which was pointing back into RAM) with a label "1b", which is within the same function. This worked when running normally but not during debugging. + +The key difference seems to be where the code runs: the problematic code is in RAM, while the inline assembly version runs from flash memory. The user also referenced an existing bug report on Launchpad (bug #1364501) which has similar symptoms. + +They're using QEMU 3.0.0 and arm-none-eabi-gdb 8.2. + +Now, to classify this bug under the categories given: instruction, syscall, or runtime. + +The issue is related to how QEMU handles a specific instruction during debugging—specifically, a conditional branch after an ITT (if-then) instruction. The problem occurs when the condition isn't met, and execution should continue past the branch. It seems like QEMU might not be correctly handling the program counter or the IT state in certain cases, especially when running from RAM versus flash. + +Since it's about how an instruction is handled during debugging, leading to a hang, this falls under an 'instruction' category. The bug report describes a faulty behavior of an instruction in QEMU. +</think> + +The problem arises because QEMU incorrectly handles the conditional branch instruction (blt.w) after an ITT when running from RAM during debugging. This issue is specifically related to how the instruction behaves in certain conditions, so it's categorized under 'instruction'. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1815024 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1815024 new file mode 100644 index 000000000..bd6b633cd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1815024 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU crashing when running in user mode due to the "stck" instruction. Let's break it down step by step. + +First, the problem occurs when using qemu-s390x in user mode. The program crashes with a SIGILL signal when executing the "stck" instruction, which is equivalent to Intel's "rdtsc". This same issue doesn't happen when running in system mode. The example provided uses a minimal test case where compiling and running the code causes the crash. + +Looking at the possible categories: instruction, syscall, runtime. I need to determine which one fits best. + +The bug report specifically mentions an instruction causing a problem. SIGILL is typically thrown when an invalid or unsupported instruction is executed. Since "stck" works in system mode but not user mode, it's likely that the QEMU emulator isn't handling this instruction correctly under user mode emulation. + +So, since the issue revolves around how an instruction is handled (or mishandled) by QEMU, the category should be related to instructions. It doesn't seem to involve syscalls or other runtime issues like memory management or threading problems. The problem arises during the execution of a specific machine-level instruction. + +Therefore, the appropriate classification for this bug report would fall under the "instruction" category because it's about how QEMU processes or emulates a particular CPU instruction. +</think> + +The issue is caused by an invalid instruction being handled incorrectly in user mode by QEMU. The problem arises during the execution of the "stck" instruction, which is not properly emulated in this context. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1818075 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1818075 new file mode 100644 index 000000000..fa97b2a97 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1818075 @@ -0,0 +1,13 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report related to QEMU. The user mentioned that when they try to execute code built with AVX2 instructions using QEMU's x86-64 user mode with a Skylake CPU setting, it hangs at 100% CPU usage. They also provided some warnings about TCG not supporting certain features like AVX and other SIMD-related instructions. + +Looking at the output, I see that there are several warnings from QEMU indicating that TCG (the Translation Core) doesn't support specific CPUID features. These include things like FMA, PCID, X2APIC, and most importantly, AVX and AVX2. The code in question is using AVX instructions, which the trace shows as vsubsd and vcvttsd2si. + +The stacktrace from GDB points to functions related to softfloat operations, specifically within the FPU handling of QEMU. It seems that when processing these AVX instructions, the emulator gets stuck because it doesn't have proper support for them in TCG mode. + +So, considering the categories provided: instruction, syscall, runtime. The issue is directly related to how the emulator handles specific instructions (AVX), which aren't supported by TCG. Therefore, this falls under the 'instruction' category. +</think> + +The problem arises because QEMU's TCG doesn't support AVX instructions, causing it to hang when encountering them. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1820686 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1820686 new file mode 100644 index 000000000..d32449d83 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1820686 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let's read through the problem description carefully. + +The issue is about QEMU 3.1 incorrectly decoding a 'c.unimp' instruction as 'addi4spn fp, 0'. The problem arises because when handling compressed instructions, only the lower 16 bits are valid, but the current code uses a 32-bit load for ctx->opcode, which includes more bytes than it should. This causes reserved or illegal opcodes to be misdecoded. + +This sounds like an issue with how the emulator decodes and handles specific machine instructions. It's not related to system calls (syscall) because it doesn't involve interacting with the OS kernel. It also doesn't seem like a runtime error in general, as it's specifically about instruction decoding. Instead, it falls under incorrect handling of an instruction. + +So, the category should be 'instruction'. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1821430 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1821430 new file mode 100644 index 000000000..f6cd4081f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1821430 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about qemu-user-arm crashing. Let me read through the details again carefully. + +The user mentioned that they're using qemu-user-arm version 4.0.0-rc0 for crosscompilation via a wrapper. They noticed that it crashes with SIGILL on two specific instructions. + +In the first case, the instruction is "vseleq.f64 d0, d17, d0". The second case involves "vrintm.f64 d18, d18". Both of these are ARM NEON instructions, I believe. + +They also noted that the same binaries run without issues with qemu-user-arm 3.1.0, whether from Ubuntu or self-built. So it seems like a regression introduced in version 4.0.0-rc0. + +Looking at the possible categories: instruction, syscall, runtime. The bug is about specific ARM instructions causing crashes. It doesn't mention any system calls failing, and it's specifically related to how certain instructions are handled during execution. + +So, since the crash is happening because of an illegal instruction (SIGILL) when executing these two NEON instructions, this falls under the 'instruction' category. The issue likely stems from a problem in the emulation of these particular ARM instructions in QEMU. +</think> + +The bug report describes crashes due to specific ARM instructions not being handled correctly by qemu-user-arm 4.0.0-rc0. This is classified as an instruction-related issue. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1821444 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1821444 new file mode 100644 index 000000000..ee9710592 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1821444 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. The user is experiencing an issue where qemu-ppc (user) incorrectly translates float32 arithmetic. + +Looking at the example provided, when they run their test program on a real PowerPC system, it outputs "1.401298e-45", but when using qemu-ppc, it outputs "2.802597e-45". This discrepancy suggests that there's an issue with how floating-point numbers are being handled in the emulator. + +The key point here is that the problem arises during arithmetic operations involving floats. The user mentions that this could be due to a faulty FPU instruction or issues within the printf emulation. Since it's related to arithmetic, which is part of the CPU instructions, I suspect this falls under an issue with how QEMU emulates certain instructions. + +Therefore, this bug report likely pertains to a faulty instruction being translated incorrectly by QEMU. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1824344 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1824344 new file mode 100644 index 000000000..ab97569c8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1824344 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report related to QEMU. The user provided a detailed description where executing certain instructions like retf or iretq in userspace causes an incorrect error code, leading the guest OS (Linux) to think it's a kernel issue when it's actually user-mode. + +Looking at the possible categories: instruction, syscall, runtime. + +The problem here is with how QEMU handles specific CPU instructions that cause page faults. The error arises during the execution of these instructions, which affects the error code pushed onto the stack. This incorrect handling leads to the guest OS misinterpreting the fault source. + +So, since it's directly related to processing certain CPU instructions and their side effects in terms of error reporting, this falls under the 'instruction' category. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1826568 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1826568 new file mode 100644 index 000000000..f9e1b6451 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1826568 @@ -0,0 +1,22 @@ +<think> +Alright, so I'm trying to figure out how to classify this bug report that Axel shared. Let's break it down step by step. + +The issue is happening when running QEMU version 3.1.0 for a RISC-V 64-bit platform with Spike V1.10. The command used includes options like "-d in_asm -singlestep -D qemu_log.txt". The log shows an error at address 0x000000008002cade with the instruction bytes 051300009517e2bf, which is marked as illegal. Additionally, there's a message indicating that the disassembler disagrees with the translator over instruction decoding, and it suggests reporting this to an email address. + +So, first, I need to understand what each part of this means. QEMU is a widely-used emulator, and when it runs in single-step mode with logging, it can help debug issues by providing detailed logs of instructions being executed. The error here seems related to instruction decoding because the disassembler (which converts machine code into assembly) and the translator (which handles instruction execution) are not agreeing on how to interpret a particular set of bytes as an instruction. + +Looking at the possible categories: instruction, syscall, runtime. I need to determine which one fits this issue best. + +The error message mentions "illegal" instruction decoding disagreement between the disassembler and translator. This suggests that there's a problem with how QEMU is interpreting a specific machine code instruction. It's not about system calls or other runtime errors but rather about accurately translating machine code into the right assembly instructions. + +So, this seems to fall under the 'instruction' category because it's directly related to decoding individual machine instructions. The disassembler and translator are parts of QEMU responsible for handling instructions, so their disagreement implies a problem in how these components interpret or execute specific instructions. + +I don't think it's a syscall issue because there's no mention of system calls failing or being the source of the error. It's also not a general runtime error since the problem is specifically about instruction decoding, which is more about how individual instructions are handled rather than other runtime issues like memory management or process scheduling. + +Therefore, the most appropriate category here would be 'instruction'. +</think> + +The issue is related to QEMU's handling of an instruction during disassembly and translation. Since the error involves a disagreement between the disassembler and translator over decoding an instruction, it falls under the category of instruction processing rather than system calls or other runtime issues. + +**Answer:** +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1828867 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1828867 new file mode 100644 index 000000000..54d606cf1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1828867 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU's translation when using REX with LAHF/SAHF instructions. The user mentioned that QEMU incorrectly translates these instructions by selecting RSP instead of AH when REX is used. They provided a patch as a workaround. + +First, I need to understand the categories given: instruction, syscall, and runtime. The issue here seems related to how QEMU handles specific CPU instructions (LAHF/SAHF with REX). These are assembly-level operations, so it's about instruction translation or processing. + +syscall would involve system calls, which doesn't seem relevant here since the problem is with instruction handling. Runtime errors could be a possibility, but usually that refers to issues during program execution rather than specific instruction translations. + +Since the problem is directly tied to how certain instructions are being translated by QEMU, the most fitting category is "instruction." The bug report points out an incorrect behavior in translating these particular CPU instructions. +</think> + +The issue pertains to the translation of specific CPU instructions (LAHF/SAHF with REX) and their handling by QEMU. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1832422 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1832422 new file mode 100644 index 000000000..0fee9e746 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1832422 @@ -0,0 +1,19 @@ +<think> +Okay, I'm trying to classify this bug report into one of the given categories: instruction, syscall, or runtime. The issue described involves an SSE comparison operation where using an 8-bit immediate value that's too large causes a SIGILL signal in QEMU. The test case uses `cmppd xmm0,xmm0,0xd1`, and according to the documentation, only bits [2:0] are used for SSE, while AVX uses [4:0]. Currently, QEMU checks if the value is >=8 and throws an error; however, it should instead mask the higher bits. + +So, breaking this down, the problem arises from how QEMU handles the immediate value in the instruction. It's not correctly masking the bits as per the documentation, leading to an incorrect SIGILL when a larger value is used. This seems directly related to how the processor interprets the instruction and its operands, specifically the handling of immediate values. + +The categories are: + +1. Instruction: Faulty instructions described. +2. Syscall: Errors with system calls. +3. Runtime: Other runtime errors. + +Since this bug pertains to how an instruction is processed (the handling of the immediate value), it falls under the 'instruction' category. The issue isn't related to a system call or another runtime error outside of instruction processing. + +I think that's the right approach because the problem is about the CPU instruction decoding, specifically with the use of immediates in SSE operations. +</think> + +The bug report discusses an issue where QEMU improperly handles 8-bit immediate values in SSE comparison instructions, leading to a SIGILL signal when the value exceeds certain limits. The problem lies in how the instruction's operand is processed. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1833 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1833 new file mode 100644 index 000000000..1c0b67b4f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1833 @@ -0,0 +1,21 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report for QEMU. The user provided a detailed description of an issue where the ST1Q SME instruction incorrectly stores 9 bytes instead of 16 per 128-bit element. They also included steps to reproduce and some code snippets. + +First, let me understand what's happening. The problem is with how QEMU handles the ST1Q instruction in the context of SME (Scalable Matrix Extension). When this instruction runs, it should store a quadword (which I think is 128 bits) from a register to memory. However, instead of correctly writing all 16 bytes, QEMU only writes 9 and then some incorrect data. + +The user traced the issue to a specific line in the sme_helper.c file where there's an off-by-one error. They found that changing a '+1' to '+8' fixes the problem. That suggests it's a programming error in how the helper function is handling memory addresses or increments when processing the ST1Q instruction. + +Looking at the possible categories: instruction, syscall, runtime. + +- Instruction category would be if there was an issue with how a specific instruction is handled. +- Syscall is about system calls, which doesn't seem relevant here. +- Runtime issues are other errors during execution that aren't specifically tied to an instruction or syscall. + +In this case, the problem is directly related to the handling of the ST1Q SME instruction. The bug occurs because QEMU isn't correctly implementing what this instruction should do. So it's not a runtime error in general; it's specific to how this particular instruction is processed. + +Therefore, I think the correct category here is "instruction" since it's about incorrect behavior when executing a specific ARM64 SME instruction. +</think> + +The bug report describes an issue with QEMU incorrectly handling the ST1Q SME instruction. This falls under the "instruction" category because it pertains to how QEMU processes a specific machine instruction, resulting in incorrect data storage. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1841990 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1841990 new file mode 100644 index 000000000..94b31d8b2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1841990 @@ -0,0 +1,11 @@ +<think> +Okay, let's try to figure out what this bug report is about and categorize it correctly. The user provided some output from running tests on both native ppc64le and under QEMU emulation, specifically using the 'denbcdq' instruction. + +First, I notice that when running on the native Power9 CPU, the outputs are different compared to when running in QEMU. For example, without any arguments, the native run gives 0x2208... which is a floating-point value, while QEMU returns 0x0000..., which looks like zero or an error code. + +The user suggests that 'denbcdq' might not be working as intended in QEMU. They also mention possible issues with endianness and whether the right data is being passed to the helper function 'helper_denbcdq'. The GEN_DFP_T_FPR_I32_Rc macro might be involved, which could relate to how floating-point registers are handled. + +Looking at the categories: instruction, syscall, runtime. Since the issue is related to a specific instruction ('denbcdq') not behaving correctly in QEMU's emulation, it seems like this falls under the 'instruction' category. The problem isn't a system call error or a general runtime issue but rather how the emulator handles a particular instruction. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1847467 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1847467 new file mode 100644 index 000000000..210cc0a18 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1847467 @@ -0,0 +1,15 @@ +<think> +Okay, I need to figure out how to classify this bug report about qemu-x86_64. The user provided some details and an example program where QEMU is behaving incorrectly when handling certain segment prefixes in 64-bit mode. + +First, let me understand what's happening. In x86_64, according to the Intel manual, segment prefixes like DS, ES, SS, or CS should be ignored because they're not needed in 64-bit mode. The address calculation uses the FS base in this case. However, QEMU is treating these prefixes as if they were active, which leads to incorrect mapping. + +The user mentioned that both versions 4.0.0 and 4.1.0 of qemu-x86_64 have this issue. They also provided a sample program where the output differs when run natively versus in QEMU. + +Now, looking at the possible categories: instruction, syscall, runtime. The problem seems to be with how QEMU handles specific instructions—namely those with segment prefixes in 64-bit mode. It's not about system calls or runtime errors in general but rather an incorrect handling of certain opcodes. + +So this is likely related to how instructions are decoded and executed. The bug report describes a faulty instruction processing, where the prefixes aren't being ignored as they should be in 64-bit mode. Therefore, it falls under the "instruction" category. +</think> + +The issue pertains to how specific instructions (with segment prefixes) are processed incorrectly by QEMU in x86_64 mode. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1854738 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1854738 new file mode 100644 index 000000000..f6b4193ff --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1854738 @@ -0,0 +1,40 @@ +<think> +Okay, so I'm looking at this bug report related to QEMU, and I need to classify it into one of three categories: instruction, syscall, or runtime. Let me try to break this down step by step. + +First, let's understand what the user is saying. They mention that 'ppc' (which stands for PowerPC) doesn't support something called 'mttcg', but 'ppc64' does. Then they provide a snippet of code from QEMU's configuration files. From this code, I can see different cases for various PowerPC architectures and their configurations. + +Looking at the provided code: + +- For ppc: mttcg isn't set here. +- For ppc64: mttcg=yes +- For ppc64le: Same as above with mttcg=yes +- For ppc64abi32: Also mentions setting TARGET_ABI32=y and includes various XML files, but no mention of mttcg. + +The user is stating that currently, both ppc and ppc64abi32 don't support 'mttcg', and they're looking for support. So the issue seems to be about adding or enabling mttcg for these architectures. + +Now, what does 'mttcg' stand for? I'm not entirely sure, but in QEMU, it might relate to some kind of code generation or optimization feature. Since this is part of the configuration files that set up the target architecture and associated XML descriptions for GDB, it likely pertains to how certain instructions are handled. + +The bug report doesn't mention anything about syscalls or runtime errors directly. Instead, it's focused on whether a specific feature (mttcg) is supported across different PowerPC architectures. This suggests that the problem isn't arising from an incorrect instruction execution or a system call issue but rather from the configuration and support of a particular feature in the target setup. + +So, considering the categories: + +1. **Instruction**: Relates to faulty instructions. +2. **Syscall**: Issues with system calls. +3. **Runtime**: Errors that occur during runtime, not necessarily tied to a specific instruction or syscall. + +In this case, the problem isn't about an incorrect instruction being executed or a syscall failing. Instead, it's about the support for a feature (mttcg) in different architectures. This seems more like a configuration or setup issue rather than something that happens during runtime. However, since mttcg is related to code generation and how instructions are handled, perhaps it falls under how QEMU handles instructions for these architectures. + +Wait, but the user isn't reporting an error that occurs when running something; they're pointing out that support is missing in certain configurations. That might not be a runtime issue per se but more of a setup or configuration problem. But looking back at the possible categories, 'instruction' seems to fit if it's about how instructions are handled. + +Alternatively, maybe it's a runtime issue because without mttcg support, certain operations might fail during execution. But I'm leaning towards instruction because it's about supporting specific features related to code generation for different architectures, which ties into how instructions are processed. + +Hmm, but I'm not entirely sure. The user is asking for support in the configuration, so maybe this is more of a setup issue rather than an error occurring during runtime or due to an incorrect instruction. + +Wait, perhaps the categories might be interpreted differently. If mttcg affects how code is generated and executed, then any missing support could lead to issues when running certain instructions, making it an instruction-related problem. But if it's just about enabling a feature in the configuration without immediate runtime errors, maybe it doesn't fit neatly into these categories. + +But given the options, I think 'instruction' might be the best fit because mttcg is likely related to how instructions are translated or handled by QEMU. +</think> + +The issue pertains to the support of a specific feature (mttcg) across different PowerPC architectures in QEMU's configuration. This relates to how code generation and instruction handling are set up for these targets. + +**instruction** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1859713 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1859713 new file mode 100644 index 000000000..7a2909f11 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1859713 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. The user provided some details about an issue with ARM v8.3a pauth instructions not working as expected. Let's break down what they've said. + +The host is Ubuntu 19.10 on an x86_64 machine, and the QEMU version is a specific commit from master. They're testing with two pauth instructions: paciasp and autiasp. The test involves corrupting the LR (link register) just before the autiasp instruction. + +The expected behavior is that when the pointer in LR is corrupted, the autiasp should fail to authenticate it and place an invalid pointer. However, what's happening instead is that autiasp successfully authenticates the corrupted pointer, which shouldn't be possible. + +The user also mentioned adding traces in QEMU code and found that "pauth_computepac" isn't handling truncation properly. They provided examples where even with different inputs (like 0x31000000400664 vs. 0x310040008743ec), the top_bit and bot_bit remain the same, which is incorrect because they should vary based on the input. + +So, looking at the possible categories: instruction, syscall, runtime. + +The issue seems to be related to how QEMU handles specific ARM instructions (pauth in this case). The problem arises during the execution of these instructions, leading to incorrect behavior. It's not a syscall error or something that happens at runtime unrelated to instruction processing. + +Therefore, it should fall under the "instruction" category because the bug is about the faulty handling of certain instructions by QEMU. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1861404 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1861404 new file mode 100644 index 000000000..626b0ceea --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1861404 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm looking at this bug report about QEMU not handling the VMOVDQU instruction correctly for YMM registers. The user provided some code and test results showing that when using YMM registers (which are 32 bytes), only the first 16 bytes are copied properly. They tested with both XMM and YMM, and XMM works fine but YMM doesn't. + +The problem seems to be in the translation of the instruction into TCG code. The function `gen_ldo_env_A0` is used for loading data from memory into a register. Looking at that function, it's only handling 8 bytes twice, which adds up to 16 bytes total. That explains why only half of the YMM register gets updated. + +I'm thinking about where this issue falls in terms of classification. The categories given are instruction, syscall, and runtime. This seems like an instruction-level problem because it's about how a specific AVX instruction (VMOVDQU) is being translated or executed incorrectly by QEMU. It's not related to system calls or runtime errors outside of instruction handling. + +So the category should be "instruction" since it's directly tied to how the VMOVDQU instruction is processed for YMM registers. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1863247 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1863247 new file mode 100644 index 000000000..5f7bf0501 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1863247 @@ -0,0 +1,14 @@ +<think> +Alright, let's try to figure out this problem. The user mentioned that there's an issue with the AArch64 EXT instruction for V registers in QEMU. Specifically, when executing an EXT instruction on SVE registers, bits above 128 should be cleared to zero but aren't. So, it's a bug in how QEMU handles this instruction. + +First, I need to understand what category this falls into. The options are "instruction," which is about faulty instructions; "syscall," which relates to system calls; and "runtime," for other runtime errors. + +The issue here is clearly related to the processing of an instruction—EXT—in a specific context (SVE registers). It's not a problem with system calls or a general runtime error. Instead, it's about how QEMU interprets and executes this particular instruction, leading to incorrect behavior in the register bits. + +So, classifying it under "instruction" makes sense because it's about the handling of an instruction causing unexpected results. +</think> + +The bug report describes an issue with how the EXT instruction is handled by QEMU. This falls under an error related to processing an instruction. + +**Answer:** +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1873898 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1873898 new file mode 100644 index 000000000..5d8165da2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1873898 @@ -0,0 +1,21 @@ +<think> +Okay, I need to figure out how to classify this bug report about QEMU's handling of the BKPT instruction in arm linux-user mode. The user provided a detailed explanation and a test case where the arm version doesn't trigger SIGTRAP like the aarch64 does. + +First, looking at the problem: when running the arm binary under qemu-arm, it doesn't stop at the BKPT instruction as expected. Instead of sending SIGTRAP, it continues executing and prints "done". The issue seems to be in how QEMU handles the exception type EXCP_BKPT. + +The bug report explains that in cpu-loop.c for arm, EXCP_BKPT is treated similarly to EXCP_SWI. This means instead of delivering a trap signal, it's incorrectly handling it as a syscall or semihosting call. The user points out that this behavior was from an older commit and that the handling for semihosting has moved elsewhere, so now BKPT should be handled differently. + +The correct behavior is that BKPT should cause a SIGTRAP, like how EXCP_DEBUG does on aarch64. So the problem lies in how exceptions are processed in QEMU's arm code. + +Now, considering the categories: instruction, syscall, runtime. + +- Instruction: This relates to faulty instructions or incorrect handling of CPU instructions. +- Syscall: Issues with system calls. +- Runtime: Other runtime errors not covered by the above. + +In this case, the issue is about how an instruction (BKPT) is handled. The code treats BKPT as a syscall when it shouldn't. It's more about the correct processing of an exception caused by a specific instruction. So, it falls under "instruction". + +I think the category should be 'instruction' because it's about how QEMU handles a particular CPU instruction leading to incorrect exception handling. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1874888 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1874888 new file mode 100644 index 000000000..02f0a4fc0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1874888 @@ -0,0 +1,19 @@ +<think> +Okay, I'm trying to figure out what category this QEMU bug falls into. The user provided some code that crashes QEMU with specific errors. Let's break it down step by step. + +First, looking at the error messages: one mentions "tcg fatal error" and another points to a failed assertion related to `have_mmap_lock()`. TCG stands for Tiny Code Generator, which is part of QEMU used for emulating CPU instructions when KVM isn't available. So it's likely an issue during instruction emulation. + +The code in question is a main function that defines a buffer of bytes and then casts it to a function pointer and calls it. The buffer contains machine code instructions, so the program is executing these bytes as if they were executable code. + +Looking at the byte sequence, I can see various opcodes like `0x2E` (CS segment override), `0xE9` (jump), and several AVX/VMX instructions such as `vpmovzxbd`, `vroundps`, etc. These are advanced x86 instructions that might have specific behaviors or dependencies. + +When this code is run under QEMU, it crashes. The fact that it's related to TCG suggests that the issue arises during the execution of these instructions in the emulator. Since the problem occurs when executing specific machine code, it points towards an instruction handling bug within QEMU's TCG. + +Now, considering the categories: "instruction" refers to issues with how individual CPU instructions are handled. "syscall" would involve system calls, which doesn't seem relevant here since the crash isn't about a system call failing but rather during execution of user-space code. "runtime" is for other runtime errors not covered by the first two. + +Given that the crash occurs when executing specific opcodes and relates to TCG's instruction emulation, this bug falls under the "instruction" category. +</think> + +The bug report involves issues with how QEMU handles certain machine code instructions during execution, leading to a fatal error in the Tiny Code Generator. This points to an issue with handling specific instructions. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1877794 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1877794 new file mode 100644 index 000000000..3de770245 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1877794 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm looking at this bug report related to QEMU, specifically involving a crash when running glxgears under certain conditions. Let me try to break down what's happening here. + +The user mentions that they're working on implementing drm IOCTLs in their own branch of QEMU and noticed that glxgears crashes with SIGILL during GLXSwapBuffers(). They spent about two weeks tracing the call stack, only to find a bad shift instruction. The original intention was to generate an 'shr_i64' which would translate to 'RLDICL' on PPC64LE, but instead, it's ending up with an invalid instruction FFFFFFE0 because the shift count (c) is -1. + +Wait, how does c become -1? I know that in some architectures, shift counts are modulo the number of bits. For example, shifting a 64-bit register by more than 63 would wrap around or cause undefined behavior. But getting a negative shift count like -1 seems odd because shift operations usually don't handle negative counts well. + +The user tried disabling constant folding for arithmetic instructions and found that this resolved the issue. Constant folding is an optimization where expressions with known values are precomputed during compilation, which can lead to more efficient code but might cause issues if not handled correctly, especially when dealing with edge cases like invalid shifts. + +They then re-enabled constant folding on various instructions but found that enabling it on subtraction caused the bug to reappear. That's interesting because subtraction itself doesn't directly relate to shifting, unless there's an optimization path where a subtraction leads to an incorrect value being used as a shift count elsewhere. + +So putting this together: When constant folding is applied during subtraction operations, it might be producing values that later get incorrectly used in shift instructions. For example, maybe a subtraction is resulting in -1, and then that result is being passed into a shift instruction without proper bounds checking or sign handling, leading to an invalid shift count. + +Since the problem arises from how instructions are generated during code optimization (specifically constant folding), this seems like an issue with the way QEMU's translator or optimizer handles certain arithmetic operations. The resulting invalid instruction causes a SIGILL, which is an illegal instruction trap, hence a runtime error. + +Therefore, the bug falls under the 'instruction' category because it involves a faulty generated instruction causing the crash. +</think> + +The issue arises from an incorrect shift instruction being generated due to constant folding optimizations leading to an invalid value (-1) for the shift count. This results in an illegal instruction when executed. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1881450 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1881450 new file mode 100644 index 000000000..33332f4db --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1881450 @@ -0,0 +1,21 @@ +<think> +Okay, so I have this problem where when I run a math function on an m68k Linux user mode under QEMU, it throws an "Illegal instruction" error. The user provided steps to reproduce and mentioned that other targets don't have this issue. Let me try to figure out what's going on here. + +First, looking at the code in math-example.c. It seems to be profiling the expm1f function. They compile it with m68k-linux-gnu-gcc using -O2 optimization and static linking. Then they run it under QEMU for m68k Linux user mode. + +The error happens when executing the compiled binary, resulting in an illegal instruction. The expected output is some profiling results without any errors. So why would this happen specifically on m68k? + +I remember that different architectures have different sets of instructions. Maybe the code generated by GCC includes instructions that QEMU's m68k emulator doesn't support or handle correctly. + +Looking into it, I recall that sometimes certain floating-point operations or specific math functions can cause issues if the emulator doesn't fully implement all instructions. In this case, expm1f is a math function that might rely on some specific instruction set extensions. + +Another possibility is that the compiled binary uses an FPU instruction that QEMU's m68k emulation isn't handling properly. The 68000 series has its own floating-point unit instructions, and if QEMU doesn't emulate them correctly, it could lead to illegal instruction errors. + +So, since the error message points to an illegal instruction during execution, it's likely related to how the emulator processes certain instructions. It might not be a problem with the syscall or runtime environment but rather specific to the CPU instruction handling in QEMU. + +Therefore, this issue falls under the "instruction" category because it's about an invalid or unsupported instruction being executed. +</think> + +The bug is caused by an instruction that the m68k emulator doesn't handle correctly. The error occurs during execution of a generated instruction, indicating a problem with how the emulator processes certain instructions. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1889288 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1889288 new file mode 100644 index 000000000..7e5b8bd69 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1889288 @@ -0,0 +1,13 @@ +<think> +Okay, so I need to figure out how to classify this bug report about the BICS instruction in QEMU's translate-a64.c file. The user mentioned that when they looked at the code, it didn't seem like the gen_logic_CC function was called for BICS, which means the flags aren't being set correctly. They think it might be a bug but haven't created a test case yet. + +First, I'll recall what each category means. "Instruction" is about faulty instructions in the bug report. "Syscall" relates to errors with system calls. "Runtime" covers other runtime issues that don't fall into the first two categories. + +In this case, the issue is specifically about how an instruction (BICS) isn't setting flags properly. This seems to be a problem related to the handling of an instruction within the CPU emulator part of QEMU. The user points out that the code doesn't call gen_logic_CC for BICS, which suggests it's not updating the condition flags as required by the architecture. + +I don't see any mention of system calls here, so "syscall" isn't relevant. It's also more specific than a general runtime error because it's about instruction execution. Therefore, this should fall under the "instruction" category. +</think> + +The bug report is about an issue with how the BICS instruction is handled in QEMU, specifically regarding the setting of flags. This falls under the classification related to instructions. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1901 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1901 new file mode 100644 index 000000000..ec69db7c7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1901 @@ -0,0 +1,15 @@ +<think> +Alright, so I'm trying to classify this bug report for QEMU. The issue is about the fmul8x16 instruction not working correctly when emulating SPARC architectures, specifically UltraSparc II. Let me break down what's happening here. + +First, the user provided a test program that checks all possible combinations of 16-bit and 8-bit inputs using the fmul8x16 instruction. When they run this on real hardware (UltraSparc II), everything works as expected—all tests pass. However, when they use QEMU (both sparc64 and sparc32plus), almost all tests fail, with results being zero. + +Looking at the problem description, it's clear that the issue is with how QEMU handles this specific instruction. The user tried other VIS instructions, which worked fine, so it's isolated to fmul8x16. This points towards a bug in the emulation of that particular instruction rather than a broader issue with the system calls or runtime environment. + +The possible categories are instruction, syscall, and runtime. Since the problem is directly related to how an instruction (fmul8x16) is executed and not with any system call or general runtime behavior, it falls under the 'instruction' category. The fact that other instructions work correctly further supports this classification. +</think> + +The bug report describes an issue with a specific instruction in QEMU's SPARC emulation. Since the problem arises from incorrect handling of the `fmul8x16` instruction, the appropriate category is: + +**instruction** + +(instruction) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1904210 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1904210 new file mode 100644 index 000000000..13ae53fd9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1904210 @@ -0,0 +1,15 @@ +<think> +Okay, I'm trying to figure out what category this bug falls into. The user provided some logs from two different QEMU versions and described an issue where their binary crashes with SIGILL despite having a registered signal handler. + +First, looking at the logs, in version 2.5.0, after reading the input 'flag{', it writes "wrong!" and then calls _llseek with some invalid parameters, leading to an exit. But in version 2.11.1, after the same input, QEMU throws a SIGILL signal which isn't caught, causing a core dump. + +The problem seems related to how QEMU handles illegal instructions. The binary triggers an illegal instruction at address 0x10a68. In older QEMU (2.5.0), it doesn't reach that point because the program exits early. But in 2.11.1, the signal isn't being caught properly. + +The user mentioned that the binary has a SIGILL handler registered, so when the illegal instruction occurs, it should call this handler instead of crashing. However, QEMU is not passing this correctly, leading to an uncaught signal. + +This sounds like an issue with how signals are handled in the emulator, specifically the SIGILL signal which is related to instructions that the CPU can't execute. So the bug is about handling an instruction-related error, making it fall under the 'instruction' category. +</think> + +The bug report describes a situation where the QEMU emulator incorrectly handles the SIGILL signal, leading to a crash despite the program having registered a handler for this signal. The issue arises during the execution of an illegal instruction in the binary, which should have been caught by the registered handler but instead causes QEMU to terminate. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1905356 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1905356 new file mode 100644 index 000000000..2ae85e0e7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1905356 @@ -0,0 +1,21 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the report again carefully. + +The user is reporting an issue with QEMU not handling ARM32 instructions correctly regarding alignment checks. They mention specific instructions like LDRD and STRD which should check for word alignment regardless of the SCTLR.A setting. According to ARM documentation, these instructions should raise an alignment fault if the address isn't aligned properly. + +In their test case, they used the instruction LDRD r0,[pc,#1] at VA 0x10240, and QEMU didn't raise an alignment fault as expected—it loaded the data from an unaligned address without issue. They're suggesting that QEMU should check for this during translation to TCG and raise a SIGBUS signal if the address is unaligned. + +Now, thinking about the categories: + +- Instruction would relate to issues with how specific instructions are handled. +- Syscall relates to system calls going wrong. +- Runtime covers other runtime errors not related to instructions or syscalls. + +Since this issue revolves around how certain ARM32 instructions (like LDRD) are being translated and executed, it seems like the problem is with how these specific instructions are handled by QEMU. The user suggests adding a check during translation to TCG if the address is unaligned, which directly affects instruction execution. + +Therefore, this bug report falls under the 'instruction' category because it's about incorrect handling of specific ARM32 instructions related to alignment checks. +</think> + +The issue pertains to how specific ARM32 instructions handle alignment, requiring a fix in their translation and execution. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1908626 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1908626 new file mode 100644 index 000000000..89b00bcb2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1908626 @@ -0,0 +1,23 @@ +<think> +Okay, I need to figure out how to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me start by understanding the problem described. + +The user is trying to run PostgreSQL/Greenplum inside a Docker container using qemu-aarch64-static on CentOS 7 x86_64 as the host. The issue arises with spinlocks causing panics and getting stuck. They've narrowed it down to the spinlock implementation, which works fine on a physical ARM64 server but not in this setup. + +The test code they wrote also shows that the spinlock is timing out, indicating some kind of deadlock or failure to acquire the lock correctly. The logs show processes repeatedly trying to acquire the lock with values stuck at 1, suggesting an issue with how the locks are being handled. + +Now, looking into why this might be happening: the spinlock uses atomic operations. In their code, they're using `test_and_set` which is a low-level atomic operation. If this isn't working as expected under qemu, it could be due to incorrect handling of these atomic instructions by the emulator. + +The possible categories are: + +1. **Instruction**: Faulty instruction in the bug report. +2. **Syscall**: Error with a system call. +3. **Runtime**: Other runtime errors. + +Since the problem is related to an atomic operation (`test_and_set`), which is an assembly-level instruction, and the issue occurs specifically when running under qemu (emulating ARM64 on x86_64), it's likely that qemu isn't correctly emulating this instruction. Therefore, the bug is with how qemu handles certain instructions. + +I don't see any mention of system calls failing; the issue seems to be with the atomic operations themselves. So, it doesn't fall under syscall. It also isn't a general runtime error but rather something specific to an instruction's handling. Hence, the category should be "instruction." +</think> + +The bug is due to the incorrect emulation of the `test_and_set` atomic instruction by qemu, leading to spinlock issues. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1909 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1909 new file mode 100644 index 000000000..39e443c02 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1909 @@ -0,0 +1,23 @@ +<think> +Alright, so I've got this bug report about QEMU 8.0.0 causing a segfault when running a test program that uses gcov for coverage. Let me try to understand what's going on here. + +The user provided some debug output from GDB. They set a breakpoint and looked at the disassembly. The instruction in question is "str x8, [x9, #2512]", which is an ARM64 store instruction. It looks like they're trying to write the value of register x8 (which is 1) into memory at address x9 plus 2512. + +When they checked the memory location after stepping through this instruction, it still showed as zero. Then, using llvm-objdump, they found that the target address corresponds to a gcov counter (__llvm_gcov_ctr.5), which is in the .bss section and has a size of 8 bytes. + +The user also noted that when running with QEMU 6.2.0, there's no segfault at this point, though there might be another issue later on due to their test program's bug. + +So, what's causing the segfault? The fact that it works in 6.2.0 but not in 8.0.0 suggests a regression introduced in QEMU between these versions. Since the error occurs during a memory write operation, it could be related to how QEMU handles certain instructions or memory accesses. + +Looking at the instruction: "str x8, [x9, #2512]" is trying to write 4 bytes (since x8 is a 64-bit register but str defaults to 32 bits unless specified otherwise). The target address is in .bss, which should be writable. However, maybe QEMU isn't handling the alignment or the size correctly. + +Another angle: perhaps QEMU's memory management for .bss or specific sections has changed, causing the emulator to misbehave when writing to certain addresses. Or maybe it's an issue with how the gcov counters are initialized or accessed in this version of QEMU. + +The fact that the same code works on 6.2.0 but not on 8.0.0 points towards a change in QEMU's handling of these operations. It could be related to how memory is mapped, how instructions are emulated, or some other runtime aspect. + +I think this falls under an "instruction" issue because the problem occurs during the execution of a specific instruction (str) and seems to be related to how QEMU processes that instruction in terms of memory access. +</think> + +The bug report describes an issue where executing a specific store instruction in QEMU 8.0.0 leads to a segmentation fault, which does not occur in earlier versions like 6.2.0. This suggests a problem with how the instruction is being handled. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1912934 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1912934 new file mode 100644 index 000000000..ab833a56a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1912934 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU emulation of the fmadds instruction on powerpc64le. The user provided some context and results from running their test program both on real hardware and under different QEMU versions. + +First, let's break down what's happening here. They have a C program called test-fmadds.c that tests the fmadds instruction, which I believe is related to floating-point operations. On real hardware (POWER8E), it runs correctly and returns 0. But when they run the same program under QEMU emulation on different Linux distributions, it's returning 32 instead of 0. + +They also checked using 'nm --dynamic qemu-system-ppc64 | grep fma' and found that QEMU isn't using the fmaf() or fma() functions from the host system's libc. However, those functions are working fine in the host's glibc, so it's not a problem with the host library. + +Now, I need to classify this bug into one of three categories: instruction, syscall, or runtime. Let me think about each category. + +- **Instruction**: This would involve issues where QEMU is incorrectly handling specific CPU instructions. Since the problem is specifically with fmadds, which is an instruction, this seems relevant. + +- **Syscall**: This relates to errors when making system calls. The issue here doesn't mention any syscalls failing, so I don't think it's related to that. + +- **Runtime**: These are other runtime errors not necessarily tied to specific instructions or syscalls. However, since the problem is directly linked to an instruction (fmadds), this might be more about how QEMU emulates that instruction. + +Given all of this, the issue seems to stem from QEMU's emulation of the fmadds instruction being incorrect. It's not using the correct host functions and therefore behaves differently than real hardware. +</think> + +The bug is related to how QEMU handles the fmadds instruction, indicating an issue in the emulator's instruction handling. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1913913 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1913913 new file mode 100644 index 000000000..09481a76b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1913913 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm looking at this bug report about QEMU and WINE. The user mentioned that certain 16-bit Windows programs crash when run under QEMU's i386-linux-user emulator, specifically showing an error where sigcontext->trapno is -1. They also noted that these programs work fine on a native i386 system. + +The issue seems to be related to how exceptions are handled in WINE. The programs make DOS calls using int 21h, which should trigger an exception that WINE handles by patching the code with its own int21h handling. However, instead of getting the expected trap number, it's -1, causing WINE to treat it as an unhandled error. + +I'm trying to figure out why this is happening. The user isn't sure if it's because of privileged instructions not being handled in 16-bit mode or another illegal instruction case. They provided a QEMU commit reference and mentioned that the behavior was present in version 5.2.0. + +Looking at the possible categories: instruction, syscall, runtime. + +The bug report doesn't mention a specific system call failing but rather an issue with exception handling during DOS calls (int 21h). The problem arises when executing these instructions under QEMU's emulator, leading to incorrect trap numbers in sigcontext. This affects how WINE handles the exceptions. + +So, it seems like the issue is related to how QEMU handles certain instructions, specifically the int instruction used for system calls. Since this leads to an unexpected trap number and causes WINE to mishandle the exception, it's likely a problem with how these specific instructions are being emulated or handled in the emulator. Therefore, the category would be 'instruction'. +</think> + +The bug report describes an issue where QEMU incorrectly handles the int 21h instruction used for DOS calls, leading to incorrect trap numbers and causing WINE to mishandle exceptions. This is related to how specific instructions are being processed by QEMU. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1914021 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1914021 new file mode 100644 index 000000000..f794e4507 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1914021 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out why when I run this binary called a.out_err using QEMU, it's giving me an "Illegal instruction" error and crashing. But when I use GDB to remote-debug the same program, it works fine without any issues. That's pretty confusing because if GDB is working, maybe there's something specific about how QEMU is handling things that's causing the problem. + +First, let me look at the details provided. The binary is an ELF32 file for ARM architecture, little-endian, using soft-float ABI. The entry point is at 0x8220. QEMU version is 4.0.0, which is a bit old but still maintained. + +The error message from QEMU says "uncaught target signal 4 (Illegal instruction) but gdb remote-debug exited normally." That suggests that when running under GDB, the program doesn't hit this illegal instruction, but when run standalone in QEMU, it does. Hmm, why would that be? + +I remember that sometimes debuggers can affect how a program runs, especially regarding certain instructions or memory accesses. Maybe there's an instruction that only gets executed when not debugging, which causes QEMU to crash. + +Looking at the possible categories: instruction, syscall, runtime. The error is about an illegal instruction, so it seems like it should fall under 'instruction'. But I need to make sure it's not a different category. + +If it were a syscall issue, running under GDB might still hit the same problem because syscalls are handled by the kernel regardless of debugging. Since GDB works, maybe it's not a syscall problem. Similarly, runtime issues could be many things, but since the error is specifically about an illegal instruction, that points more towards an 'instruction' category. + +I'm also thinking about possible causes like CPU features or missing instructions. Maybe the binary uses an ARM instruction that QEMU doesn't support correctly in non-debug mode, but GDB somehow masks it. Or perhaps when running under GDB, certain optimizations are disabled, preventing the problematic code from being executed. + +Another angle: could there be a timing issue where without GDB's介入, some initialization isn't done properly? But since the error is an illegal instruction, that makes me think it's more about the CPU executing something invalid rather than missing initializations. + +So putting it all together, the main symptom is an illegal instruction causing QEMU to crash, which doesn't happen under GDB. This points towards a problem with how certain instructions are handled in QEMU when not being debugged, making 'instruction' the most likely category. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1915327 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1915327 new file mode 100644 index 000000000..35dfbd0a1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1915327 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU's behavior with the cmpxchg instruction. Let me start by understanding what's going on here. + +The user provided a C program that uses inline assembly to perform a cmpxchg operation. The expected result is that if the values are equal, the accumulator (RAX) should remain unchanged. On a real CPU, when they run this code, RAX stays as 0x1234567812345678, which makes sense because cmpxchg doesn't modify the register in that case. + +But when running the same program under QEMU's x86_64 TCG (Translation Cache Generic), the result is different. RAX becomes 0x12345678, which looks like only the lower half of the original value. This suggests that QEMU is zero-extending EAX to RAX instead of keeping the full 64 bits. + +Looking at the possible categories: instruction, syscall, runtime. The issue here seems to be with how QEMU handles the cmpxchg instruction. Specifically, it's not matching real CPU behavior because of an incorrect handling of the registers, probably during translation or execution of that instruction. + +So, this isn't a problem with a system call (syscall) or something happening at runtime unrelated to specific instructions (runtime). Instead, it's directly about how QEMU processes the cmpxchg instruction. Therefore, the correct category should be "instruction." +</think> + +The bug report concerns incorrect handling of the cmpxchg instruction in QEMU, leading to unexpected register behavior. This falls under the category of an instruction issue. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1916269 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1916269 new file mode 100644 index 000000000..e305bde29 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1916269 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm looking at this bug report about QEMU and an issue with the SSE4.2 CRC32 instruction causing an FPU exception when running FreeBSD. The user is using QEMU 5.2 with TCG acceleration and a Nehalem CPU setting. + +From what I understand, when they run FreeBSD under these conditions, executing the crc32 instruction triggers an exception. They attached GDB and found it's happening in translate.c line 3067. That part of the code checks if the TS flag is set and raises an exception if it is. But according to Intel's documentation (page 61 of their manual), the CRC32 instruction should work regardless of the TS bit's state. + +So, the bug seems related to how QEMU handles the crc32 instruction in TCG mode. Specifically, it incorrectly checks for the TS flag and raises an exception when it shouldn't. This is causing the FPU exception because the code assumes that the instruction requires FPU context even when it doesn't. + +Now, categorizing this bug: The options are instruction, syscall, or runtime. Since the issue revolves around how a specific instruction (crc32) is handled by QEMU's TCG translator, it falls under the "instruction" category. It's not related to syscalls or general runtime errors but rather an incorrect handling of an instruction. +</think> + +The bug pertains to how QEMU handles the CRC32 instruction in TCG mode, leading to an unnecessary FPU exception despite Intel's documentation. This is a problem with instruction execution. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1922887 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1922887 new file mode 100644 index 000000000..5651d3c99 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1922887 @@ -0,0 +1,13 @@ +<think> +Alright, let me try to figure out how to classify this bug report about QEMU's Thumb 32 STR instruction decoding issue. The user provided a detailed explanation and even included some machine code and symbols involved. + +First, I'll read through the problem description again to make sure I understand it correctly. It seems that there's an issue with how QEMU handles a specific STR instruction in Thumb32 mode. The machine code given is 0xf84f0ddd, which decodes into certain register operations and flags (Rn, Rt, P, U, W). According to the user, when Rn is '1111', it should be an undefined instruction, causing a segmentation fault or similar error. However, QEMU isn't checking this properly, leading to a bug. + +Now, looking at the possible categories: instruction, syscall, runtime. The issue here revolves around how the CPU instruction (STR) is being decoded and handled by QEMU. Specifically, it's about an incorrect handling of a particular instruction's encoding which should result in an undefined state but isn't being properly detected. + +So, this falls under the 'instruction' category because it's directly related to how a specific machine instruction is processed. It's not a syscall issue since there's no mention of system calls going wrong. Neither is it a general runtime error; rather, it's an error in handling an instruction during execution. +</think> + +The bug report discusses an issue with the decoding of a specific Thumb32 instruction (STR) leading to improper behavior in QEMU. This is directly related to how instructions are processed. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1925512 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1925512 new file mode 100644 index 000000000..840a9ad85 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1925512 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to classify this bug report related to QEMU. The user mentioned an issue with the BLX instruction in ARMv7 Thumb mode where H is set to '1', causing it to be undefined according to the manual. However, QEMU doesn't check this constraint in the trans_BLX_i function. + +Hmm, let's break it down. The bug report talks about a specific instruction (BLX) and how QEMU isn't handling an edge case correctly. Since it's related to how instructions are processed, especially an undefined condition not being checked, this seems like it falls under an instruction-level issue. + +I don't think it's a syscall error because the problem isn't with system calls but rather with the processor executing instructions. It also doesn't seem runtime-related in terms of general runtime errors; instead, it's specific to how a particular instruction is being handled. + +So, the category here should be "instruction" since it directly relates to an incorrect handling of a CPU instruction. +</think> + +The bug report discusses an issue with how QEMU handles a specific instruction (BLX) when certain conditions are met. It points out that QEMU doesn't check for an undefined case specified in the ARMv7 manual, leading to potential errors in instruction execution. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1926759 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1926759 new file mode 100644 index 000000000..da9b91778 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1926759 @@ -0,0 +1,15 @@ +<think> +Alright, I'm looking at this bug report from Muhui about QEMU crashing when executing the WFI instruction. Let me break it down step by step. + +First, the user provided the bytecode 0xe320f003 for the WFI instruction. They mentioned that after executing this instruction, QEMU exits with an unhandled CPU exception. The crash log shows various register values and a PSR (Program Status Register) indicating the CPU was in user mode when it happened. + +WFI stands for Wait For Interrupt and is commonly used to put the processor into a low-power state until an interrupt occurs. The fact that QEMU is crashing suggests there's an issue with how this instruction is being handled by the emulator. + +Now, considering the possible categories: instruction, syscall, or runtime. Since the problem arises directly from executing a specific instruction (WFI), it seems to be related to how that instruction is processed. It's not about a system call error because WFI doesn't involve syscalls; it's a CPU-level operation. It also doesn't seem like a general runtime issue because the crash occurs specifically when this instruction runs. + +So, I'm leaning towards the "instruction" category because the bug report revolves around the handling of the WFI instruction within QEMU. +</think> + +The bug is related to how QEMU handles the WFI instruction, which is an ARM instruction. The crash occurs during execution of this specific instruction, indicating a problem with instruction processing. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/1967248 b/results/classifier/deepseek-r1:32b/reasoning/instruction/1967248 new file mode 100644 index 000000000..f639db29c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/1967248 @@ -0,0 +1,21 @@ +<think> +Alright, let's try to figure out what's going on here. The user is encountering an issue when running their a.out_err binary under QEMU. They get a core dump with the message "qemu: uncaught target signal 5 (Trace/breakpoint trap)". However, when they use GDB for remote debugging, the program exits normally without any issues. + +First, I need to understand what each of these tools is doing. QEMU is an emulator that runs binaries for different architectures, in this case, a 32-bit ARM binary. When the user says it's core dumping, that suggests something unexpected is happening during execution, causing the program to crash. + +Looking at the provided disassembly of the binary, I see that there's a 'bkpt' instruction at address 0xa608. The 'bkpt' instruction in ARM is used for debugging purposes and generates a software breakpoint exception. In normal circumstances, when QEMU runs this instruction without a debugger attached, it should generate a SIGTRAP signal to the host process, which would typically cause a core dump if not handled. + +However, the user mentioned that when using GDB for remote debugging, everything works fine. That makes sense because GDB catches these breakpoints and allows the user to debug, so no crash occurs. But without GDB attached, QEMU should handle the breakpoint in some way, perhaps by ignoring it or translating it correctly into a signal. + +The user also checked a bug report on Launchpad (bug 1873898) related to QEMU's handling of BKPT instructions and found that the issue was supposed to be fixed. However, they're still experiencing problems with core dumps, which suggests either the fix isn't applied in their version of QEMU or there's a different underlying issue. + +Looking at the ELF header information provided, the binary is indeed a 32-bit ARM executable with specific ABI flags. The entry point is at address 0xa603, and the program headers look correct. This tells me that the binary itself is correctly formatted for an ARM target. + +The QEMU version they're using is 6.2.0, which might be older or newer than the version where the bug was fixed. If the bug was fixed in a later version, they might need to update their QEMU installation. Alternatively, if the issue persists despite the fix being applied, there could be another problem. + +Considering possible categories for this bug: instruction, syscall, or runtime. The issue seems to revolve around how QEMU handles the 'bkpt' instruction when not running under a debugger. Since the problem arises during execution due to an unhandled exception generated by an ARM instruction (BKPT), it falls under the category of an instruction-related fault. + +So, putting it all together: the bug is likely due to QEMU's incorrect handling of the BKPT instruction in 32-bit ARM Linux-user mode when no debugger is attached. This causes a SIGTRAP signal that isn't properly managed, leading to a core dump. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2078 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2078 new file mode 100644 index 000000000..6af7710b4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2078 @@ -0,0 +1,19 @@ +<think> +Okay, so I have this problem where QEMU crashes when running certain arithmetic operations on the m68k target. The user provided some code examples that cause this crash. Let me try to figure out what's going on here. + +First, looking at the C program they provided: it divides INT_MIN by a divisor, which is -1 in their example. On many systems, dividing INT_MIN by -1 can cause issues because INT_MIN is the smallest integer, and dividing it might not fit into the same type without causing an overflow or undefined behavior. + +The second example is an assembly snippet using m68k instructions: move.l #-2147483648,%d0; move.l #-1,%d1; divsl.l %d1,%d1:%d0. The number -2147483648 is indeed INT_MIN for a 32-bit integer, which is the same as in the C example. + +So, both examples are causing a division operation that might result in an overflow or trap because dividing the minimum integer by -1 could exceed the representable range. Now, in QEMU, when such operations occur, it's supposed to handle traps or exceptions gracefully, but instead, it crashes with SIGFPE (Floating Point Exception). That suggests there's a problem with how QEMU handles these arithmetic operations that trap. + +Looking at the possible categories: instruction, syscall, runtime. The issue seems related to how QEMU handles specific instructions, particularly when they cause exceptions like division by zero or overflow. The crash is due to an unhandled exception in the guest causing QEMU itself to crash instead of properly trapping and handling it. + +So, this isn't about a faulty syscall or a general runtime error; it's specifically about how certain instructions are handled during execution. Therefore, the category should be 'instruction'. +</think> + +The bug is caused by how QEMU handles specific arithmetic operations that result in traps on the m68k target, leading to a crash instead of proper exception handling. + +(instruction) + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2083 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2083 new file mode 100644 index 000000000..fe744c072 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2083 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to figure out what category this bug falls into. The user provided a detailed report about an incorrect result from the SME SMOPA instruction in QEMU. They included code examples and the output they're getting versus what they expect. + +First, let's break down what's happening. The problem is with the SMOPA instruction in AArch64 when using SME (Scalable Matrix Extension). The user provided a Python example that calculates an outer product matrix correctly. Then, their C code uses this same logic but through assembly instructions, and it's giving incorrect results. + +Looking at the output from QEMU, some elements are wrong or zeroed out. For instance, in the first row, 134 is replaced with 478, and so on. The third row seems partially correct, while others are zeros. This suggests that either the data isn't being stored correctly into memory or there's an issue with how the SMOPA instruction processes the data. + +The user is using QEMU to run their code, which indicates that this might be a problem in the emulator rather than hardware. Since they're targeting AArch64 and SME128, it's likely related to how QEMU implements these instructions. + +Considering the categories: 'instruction' relates to faulty instruction descriptions, 'syscall' is about system calls, and 'runtime' covers other runtime errors. Here, the issue arises during the execution of a specific instruction (SMOPA), which isn't behaving as expected. So it's more likely an issue with how QEMU handles that instruction rather than a runtime error or syscall problem. + +Therefore, this bug is probably classified under 'instruction'. +</think> + +The bug report describes an issue where the SMOPA instruction in QEMU produces incorrect results. This suggests a problem with how the instruction is implemented in the emulator. + +(instruction) + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2089 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2089 new file mode 100644 index 000000000..9c648bc02 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2089 @@ -0,0 +1,15 @@ +<think> +Okay, so I need to classify this bug report about the `sqshrn` instruction failing in QEMU but passing on real hardware. Let's see what each category means. + +First, the problem is related to an assembly instruction, specifically `sqshrn`. That makes me think it's about how instructions are emulated, which falls under "instruction" issues. + +Looking at the steps to reproduce: they built a test and ran it in QEMU where two tests failed. The errors show incorrect values being returned compared to what's expected. Since real hardware passes these tests, the issue is likely with how QEMU handles this instruction. + +The possible categories are instruction, syscall, or runtime. Here, the problem isn't about system calls (syscall) nor a general runtime error but specifically an issue with emulating a particular instruction. So it fits under "instruction". + +I think that's the correct classification because the bug is directly tied to how QEMU emulates `sqshrn`, leading to test failures. +</think> + +The bug report describes an issue where the `sqshrn` instruction isn't being emulated correctly in QEMU, causing test failures. This falls under the "instruction" category as it's related to faulty instruction emulation. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2136 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2136 new file mode 100644 index 000000000..3ed105662 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2136 @@ -0,0 +1,19 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report as either 'instruction', 'syscall', or 'runtime'. Let's break down what the user provided. + +The problem occurs when running code using QEMU on a LoongArch host. The issue is with LSX vector instructions getting wrong results. They built Linux-user for LoongArch, ran some tests, and observed incorrect outputs compared to when they run the same code natively or under QEMU on x86_64. + +First, I think about what each category entails: + +1. **Instruction**: This would involve a bug where specific instructions are mishandled by QEMU. Since LSX is mentioned specifically, it's possible that QEMU isn't emulating these vector instructions correctly. + +2. **Syscall**: This relates to errors in system calls. The problem here doesn't mention any issues with system calls but rather incorrect results from computations. + +3. **Runtime**: This covers other runtime errors not falling into the above categories. However, since the issue is specifically about instruction handling, it's more likely related to instructions than a general runtime error. + +Given that the problem arises during vector operations using LSX instructions and the output differs when run under QEMU versus native or another architecture, this points towards an issue with how QEMU handles these specific instructions. Therefore, it's most likely an 'instruction' category bug. +</think> + +The bug is related to incorrect handling of specific vector instructions (LSX) in QEMU, which falls under instruction-level issues. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2175 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2175 new file mode 100644 index 000000000..cbb8ffb3a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2175 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm looking at this bug report about an issue with the BLSI instruction in QEMU. The user provided some code and explained that when they run their example binary on native hardware versus in QEMU, they get different return codes. Specifically, the CF flag isn't being computed correctly after the BLSI instruction. + +First, I need to classify this bug into one of three categories: instruction, syscall, or runtime. Let me think about each category: + +- **Instruction**: This would involve a problem with how QEMU handles specific CPU instructions. If an instruction is causing incorrect results in the registers or flags, that falls under this category. + +- **Syscall**: This relates to system calls, which are functions provided by the OS kernel when called from user space. The issue here doesn't mention any syscalls going wrong; it's about a specific instruction and flags. + +- **Runtime**: This is for general runtime errors not directly tied to instructions or syscalls. For example, memory management issues or threading problems. But this bug seems to be specifically about an instruction's behavior. + +The problem occurs during the execution of the BLSI instruction, which affects the CF flag in the RFLAGS register. The native run and QEMU run produce different results, indicating that QEMU isn't emulating the BLSI instruction correctly regarding the CF computation. + +Since the issue is tied directly to how an instruction (BLSI) is handled, causing incorrect flags, this should be categorized under "instruction." It's not related to syscalls or general runtime issues but rather a specific problem with instruction execution. +</think> + +The bug report details an issue where the BLSI instruction incorrectly computes the CF flag in QEMU. Since it pertains to how an instruction is handled by the emulator, the correct category is: + +**instruction** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2203 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2203 new file mode 100644 index 000000000..c91af609b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2203 @@ -0,0 +1,11 @@ +<think> +Okay, so I need to classify this bug report about a RISC-V RVV fractional LMUL check being wrong as part of QEMU. The categories are instruction, syscall, or runtime. + +Hmm, RISC-V is an open-source instruction set architecture, and RVV stands for RISC-V Vector Extension. LMUL refers to the lane multiplication factor in vector instructions, which determines how many elements a vector register can hold. A fractional LMUL means that each element is smaller than the base data type, allowing more elements per vector. + +The bug mentions an issue with the fractional LMUL check. This likely relates to how the vector instructions are handled in QEMU's emulation of RISC-V processors. Since it's about a specific aspect of instruction handling—vector operations and their configuration—the problem is probably related to how these instructions are being executed or emulated. + +I'm thinking that this falls under 'instruction' because it's directly tied to how the vector instructions with specific LMUL settings are processed by QEMU. It's not a system call issue, nor is it a general runtime error unrelated to instruction handling. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2302 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2302 new file mode 100644 index 000000000..25457c69e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2302 @@ -0,0 +1,23 @@ +<think> +Okay, I need to figure out how to classify this bug report about qemu-x86_64 crashing with an "Illegal Instruction" when running SPEC CPU 2017 benchmarks. Let's break it down step by step. + +First, the user describes that they're running Perlbench from the SPEC suite using qemu-x86_64 and encountering crashes. They've tried this on three machines, two of which resulted in crashes. The error message is "Illegal instruction," and they provided some debugging output with instructions leading up to the crash. + +Looking at the debugging output, there's a section where an instruction ".byte 0x62" appears. This seems odd because it's just a single byte without an opcode that makes sense in this context. The instruction before that is "movq %rdx, 0xc0(%rbx)", which looks normal. + +The crash occurs with signal 4, which corresponds to SIGILL—meaning an illegal instruction was encountered. This suggests that QEMU is executing an invalid x86_62 instruction or misinterpreting valid instructions in a way that causes the CPU to throw this error. + +Now, considering the categories provided: + +1. **Instruction**: This category refers to issues where a specific instruction is causing problems. Given that the crash happens at a particular point and the last instruction before the crash is ".byte 0x62", which doesn't translate into a valid x86_64 instruction, it's possible that this byte is being treated as an instruction. Alternatively, perhaps QEMU is incorrectly handling certain instructions from the benchmark. + +2. **Syscall**: This would involve issues with system calls. However, in the provided information, there's no mention of syscalls or any indication that a syscall is causing the problem. The error seems to be happening during normal execution, not when making a system call. + +3. **Runtime**: This category covers other runtime errors that aren't specifically related to instructions or syscalls. Since the crash is due to an illegal instruction, it's more about how QEMU handles the instruction set rather than a general runtime issue. + +Given that the error is directly tied to executing an invalid instruction and the presence of a ".byte 0x62" which might not be intended as a valid x86_64 opcode, this points towards an instruction-related problem. It's possible that either the benchmark is generating invalid instructions or QEMU isn't correctly emulating certain instructions, leading to this crash. + +Therefore, the most appropriate category for this bug report is "instruction." +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2317 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2317 new file mode 100644 index 000000000..814f8991f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2317 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out what category this bug falls into for QEMU. The problem is about an instruction not being emulated correctly—the ADDV opcode. + +Looking at the description, the user says that according to the documentation, ADDV Rm, Rn should add Rm and Rn, store the result in Rn, and set the overflow flag T. But in QEMU, it's storing the result in Rm instead of Rn. That means the instruction is being handled incorrectly. + +The steps to reproduce involve a C program that uses inline assembly with ADDV. The real hardware gives different results than QEMU when this instruction is used. So, the issue isn't with a system call or something happening during runtime; it's specifically about how an instruction is emulated in QEMU. + +So, I think the category should be 'instruction' because it's directly related to how a specific CPU instruction is handled. +</think> + +The bug report describes an issue where the ADDV instruction is not being emulated correctly by QEMU. The problem lies in the handling of this specific instruction, which falls under the 'instruction' category. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2318 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2318 new file mode 100644 index 000000000..c670ce7f9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2318 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm looking at this bug report about Qemu not emulating the SUBV instruction properly. The user provided some code and results from both real hardware and Qemu. Let me try to understand what's going on here. + +First, the problem is with the SUBV opcode in the SH4 architecture. According to the documentation, SUBV should subtract two registers (Rn - Rm) and store the result in Rn, setting the T bit if there's an underflow. Underflow typically happens when subtracting a larger number from a smaller one, causing a borrow beyond the sign bit. + +Looking at the code example: register 'a' is 0x80000001 (which is -2^31 +1 in two's complement), and 'b' is 0x2. The SUBV instruction subtracts Rm (b) from Rn (a). So, 0x80000001 minus 2 equals 0x7FFFFFFF. But the T bit should be set because there's an underflow since we're dealing with negative numbers here. + +On real hardware, after the SUBV, 'c' is set to 1 via MOVT, indicating that the T bit was indeed set. However, in Qemu, 'c' remains 0, meaning the T bit wasn't set even though there should have been an underflow. + +So the issue is specifically with how Qemu handles the SUBV instruction's underflow condition. It correctly computes the subtraction but fails to detect and set the T bit when underflow occurs. This points directly to a problem in the emulation of the instruction itself, not any other part like syscalls or runtime errors elsewhere. + +Therefore, this bug falls under the 'instruction' category because it's about incorrect handling of an assembly instruction. +</think> + +The issue is with the SUBV instruction's underflow detection in Qemu. The correct classification is: + +**instruction** + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2319 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2319 new file mode 100644 index 000000000..2c5e8ea7b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2319 @@ -0,0 +1,13 @@ +<think> +Okay, I'm trying to classify this bug report for QEMU. The issue is about an incorrect result when performing the SDIV operation on negative divisors. From what I understand, SDIV is a signed division instruction in SPARC architecture. + +The user provided details that there's a typo in the helper_sdiv() function within target/sparc/helper.c. This typo causes the divisor to be treated as unsigned instead of signed. When they tested with specific values (-1 and -128, etc.), instead of getting 1, they got 0. That definitely points to an issue with how division is handled for negative numbers. + +Looking at the provided patch, it seems that in the code, 'a64 /= b;' was changed to 'a64 /= b32;'. The variable names might be related to signed and unsigned handling. This change likely ensures that both operands are treated correctly as signed 32-bit integers during division. + +Now, classifying this bug: it's an issue with how the SDIV instruction is implemented in QEMU. Since SDIV is a specific instruction causing incorrect results due to a code typo, this falls under the "instruction" category. +</think> + +The bug involves an error in handling the SDIV instruction, specifically when dealing with negative divisors. This is directly related to how instructions are processed and executed. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2371 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2371 new file mode 100644 index 000000000..90cdb5d7f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2371 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. Let me read through the problem description carefully. + +The issue is about an incorrect handling of the froundnx.h instruction in RISC-V. The helper function helper_froundnx_h has a typo where it uses check_nanbox_s instead of check_nanbox_h, which affects how NaN values are handled. When an incorrectly NaN-boxed value is passed to this instruction, QEMU returns 0 instead of a canonical NaN. + +Looking at the steps provided, they involve compiling and running a test program that interacts with QEMU. The problem occurs during runtime when executing the froundnx.h instruction. + +So, the categories I need to choose from are instruction, syscall, or runtime. Since this is related to how an instruction is handled by the CPU emulator (QEMU), it's more about the execution of a specific instruction rather than a system call or a general runtime error elsewhere. + +Wait, but the helper function is part of the FPU emulation in QEMU. The bug affects the processing of the froundnx.h instruction, which is an assembly-level operation. So this seems to fall under how instructions are handled during execution. + +Alternatively, it could be considered a runtime issue because it's happening while the program is running and not during compilation or linking. But since the problem is specific to the implementation of an instruction within QEMU, I think "instruction" might be more precise here. The error occurs because the helper function mishandles the NaN boxing for this particular instruction. + +Hmm, but the classification options are limited to three: instruction, syscall, runtime. Since the problem is about how an instruction (froundnx.h) is being incorrectly handled by QEMU's FPU helper functions, it's directly tied to the processing of that specific instruction. Therefore, "instruction" seems like the appropriate category. + +Wait another thought: The issue arises during the execution of the program when this instruction is processed. It's not a problem with how instructions are decoded in general but rather an incorrect implementation for one specific instruction. So yes, it's about the handling of that particular instruction by QEMU. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2372 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2372 new file mode 100644 index 000000000..2294d62cc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2372 @@ -0,0 +1,11 @@ +<think> +Alright, so I'm trying to figure out what category this bug falls into. The problem description talks about an issue with the AArch64 UMOPA/UMOPS instructions, specifically their 4-way variant. It mentions that the helper function in QEMU isn't correctly converting element types before multiplication. + +Looking at the provided code, the helper function DEF_IMOP_64 is defined, and it's used for umopa_d. The issue arises because when multiplying elements from the source registers (which are 16-bit), they're being cast to uint16_t but then implicitly converted to int32_t during multiplication. This leads to incorrect sign extension instead of zero extension, which affects the sum calculation. + +The steps to reproduce involve writing a test program that uses these instructions and observing an incorrect output when run on QEMU with the bug. The expected result after fixing should produce different values, indicating that the helper function's type casting is the root cause. + +Since this problem is related to how specific ARM instructions are handled in the emulator (QEMU), it falls under instruction processing. The issue isn't a syscall or a runtime error in general; instead, it's about QEMU misinterpreting or incorrectly executing these particular AArch64 instructions. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2373 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2373 new file mode 100644 index 000000000..3310ecc41 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2373 @@ -0,0 +1,18 @@ +<think> +Alright, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. + +The problem description talks about an issue with the fmopa instruction in AArch64. It mentions that during matrix multiplication and accumulation, when using a widening variant, each element should be converted from 16-bit floating point to 64-bit. However, the current implementation incorrectly uses the FZ flag instead of considering FZ16 when dealing with 16-bit elements. + +The steps to reproduce involve writing a C program that sets up specific registers and executes this faulty fmopa instruction within QEMU. The expected output isn't achieved because of how the flags are being handled during conversion. + +Looking at the categories: +- **Instruction**: This seems relevant since it's about how the fmopa instruction is handling data conversions, specifically using the wrong flag. +- **Syscall**: Not applicable here as there's no mention of system calls or related issues. +- **Runtime**: While runtime errors can occur, this issue is more specific to an instruction's execution rather than a general runtime problem. + +Therefore, this bug falls under the "instruction" category because it pertains directly to how the CPU instruction processes data incorrectly based on specific flags. +</think> + +The bug report describes an issue with how the fmopa instruction handles floating-point conversions using the wrong flag (FZ instead of FZ16). This is a problem with the processing of an instruction, not related to system calls or general runtime errors. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2374 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2374 new file mode 100644 index 000000000..80368c03f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2374 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let's see what each category means. + +The problem is about the fmopa instruction in AArch64 not generating default NaNs correctly when using the 32-bit variant. The user provided code snippets showing that instead of getting a default NaN (0x7fc00000), they're getting 0xffffffff, which isn't the standard NaN. + +Looking at the code, there's an issue in the helper function for SME instructions. Specifically, the float_status pointer is being passed incorrectly to the multiplication function. The comment says that &fpst should be used instead of vst. So it looks like a bug in how the instruction is handled during execution. + +Since this is about the implementation and handling of an ARM instruction (fmopa) within QEMU's emulator, I think it falls under the "instruction" category. It's not related to syscalls or runtime errors but rather incorrect processing of a specific instruction. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2375 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2375 new file mode 100644 index 000000000..4b60925d7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2375 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to classify this bug report about the AArch64 FJCVTZS instruction in QEMU. Let's see what the problem is and figure out which category it falls into. + +The user described an issue where the helper function for the fjcvtzs instruction isn't handling denormalized numbers correctly when the FPCR.FZ bit is set. This causes the Z flag to be incorrectly set even when the conversion result should clear it. The bug report includes code snippets, steps to reproduce, and additional information. + +Looking at the possible categories: instruction, syscall, runtime. + +The problem revolves around how a specific instruction (fjcvtzs) behaves under certain conditions, specifically with denormalized numbers. It seems like the helper function isn't correctly checking if the input is denormalized, leading to an incorrect state of the Z flag. + +Since the issue is related to how an ARM instruction is being handled in QEMU, it's directly tied to the processing of that specific instruction. Therefore, this bug falls under the "instruction" category because it describes a faulty behavior of the fjcvtzs instruction. +</think> + +The issue pertains to incorrect handling of an AArch64 instruction by QEMU, specifically how the FJCVTZS instruction processes denormalized numbers. This affects the state flags, indicating a problem with instruction execution. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2376 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2376 new file mode 100644 index 000000000..5a3301a63 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2376 @@ -0,0 +1,19 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me go through each part step by step. + +First, looking at the problem description. The issue is with the vcmla instructions in ARM. These are vector complex multiply and accumulate instructions. The helper functions for these instructions have a bug where they modify an irrelevant vector register. Specifically, the elements per segment calculation is incorrect because 16 divided by the size of float16 or float32 might not be correct. + +In the provided code snippets, the variables eltspersegment are set to 16 divided by the size of the data type. For float16 (half-precision), that would be 8 elements per segment because each element is 2 bytes (16/2=8). Similarly, for float32 (single-precision), it's 4 elements per segment (16/4=4). However, the current code uses 16 divided by the size, which gives the correct number of elements. Wait, maybe I'm misunderstanding. The comment says "This should be fixed," implying that perhaps the initial value is wrong. + +Looking at the steps to reproduce: when running the test program on QEMU with the bug, D31 gets modified unexpectedly. It was supposed to remain as 0xff bytes but instead changes to some other values after the vcmla instruction runs. This suggests that the helper functions are incorrectly writing data beyond their intended target. + +The problem arises because the helper function's loop iterates more times than it should, potentially accessing or modifying unintended vector elements. The calculation of eltspersegment is likely incorrect, causing out-of-bounds access. So the bug is in how the vector instructions handle element counts, leading to incorrect register writes. + +So, this seems like an issue with how the instruction is being handled by QEMU's emulator. It's not a problem with a system call (syscall) nor is it about runtime errors unrelated to specific instructions. Instead, it's directly tied to the execution of the vcmla instructions, meaning the bug is in how the instruction is implemented. + +Therefore, this should be classified under the 'instruction' category because it relates to the faulty handling of a specific ARM instruction within QEMU. +</think> + +The issue pertains to incorrect handling of the `vcmla` instruction, specifically how it modifies unintended vector registers due to an out-of-bounds error in element counting. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2386 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2386 new file mode 100644 index 000000000..4d01fcfef --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2386 @@ -0,0 +1,121 @@ +<think> +Okay, so I'm looking at this bug report about the RISC-V SLL instruction not working correctly in QEMU. The user provided some code snippets and output to illustrate the issue. Let me try to break this down step by step. + +First, the problem is that when using the SLL (shift left logical) instruction in RISC-V, the result isn't as expected. According to the RISC-V ISA manual, SLL should shift the value in register rs1 by the amount specified in the lower 5 bits of register rs2. But in this case, it seems like an extra shift is happening. + +Looking at the code provided: + +They have two variables a and b with specific values. The assembly instruction `sll %0, %1, %2` is used to compute c as the result of shifting b left by the amount in a's lower 5 bits. + +When they run this through QEMU, the output shows that the result is `55c3585000000000`, but the expected value is `b4d6868655c35850`. The user suggests that the correct shift occurs first, then an additional 32-bit left shift happens, which they don't want. + +So what's happening here? Let me think about how shifts work. For a 64-bit value, shifting by more than 63 would result in zero because all bits are shifted out. But wait, the lower 5 bits can only be from 0 to 31 (since 2^5 = 32). So why is there an extra shift? + +Wait, looking at the code, a is `0x69C99AB9B9401024`. Taking the lower 5 bits of this value would be `a & 0b11111`, which is 4 in decimal because the last five bits are '000100' (binary) or 4. So the shift amount should be 4. + +Let me calculate what b shifted left by 4 should be. The value of b is `0xDB4D6868655C3585`. Shifting this left by 4 bits would result in `DB4D6868655C3585 << 4 = B4D6868655C35850` (since shifting each hex digit left by 4 is equivalent to multiplying by 16). + +But the output from QEMU is `55c3585000000000`, which looks like the correct shifted value but with an extra shift of 32 bits. Because if you take `B4D6868655C35850` and shift it left by 32, you get `55C3585000000000`. So why is this happening? + +Wait a minute, maybe the issue isn't with QEMU but how the variables are being handled. Let me check the C code again. + +The asm statement uses three operands: %0 for c (the result), %1 for b, and %2 for a. But in the RISC-V SLL instruction, the shift amount is only supposed to use the lower 5 bits of rs2. So in this case, a's value is `0x69C99AB9B9401024`, whose lower 5 bits are 4 (since 0x24 in hex is 36 in decimal, but wait, that can't be right because 0x24 is 36, which is more than 5 bits. Wait, no: the lower 5 bits of a would be the last five bits of the binary representation. + +Wait, 0x24 in hex is 00100100 in binary for an 8-bit value. But since we're dealing with a 64-bit register, the lower 5 bits are the least significant five bits of a's entire 64-bit value. So let me compute that. + +The variable a is `0x69C99AB9B9401024` as a 64-bit number. To find the lower 5 bits, I can compute a & 0b11111 (31). Let's calculate: + +a = 0x69C99AB9B9401024 +Let me extract the last 5 bits: +The hexadecimal digit '2' in 0x...024 is the last three bits. The full binary of 0x24 (last two hex digits) is 00100100, but for a 64-bit number, we need to look at all 5 bits. + +Wait, perhaps I made a mistake earlier. Let me compute a mod 32 because the lower 5 bits determine the shift amount. + +a = 0x69C99AB9B9401024 +To get a mod 32: The last five bits correspond to the value of a & 31. + +Let's calculate a in decimal and then mod by 32: + +But that's tedious. Alternatively, for any number, the lower 5 bits are determined by looking at the last two hex digits because each hex digit is four bits. So, 0x...024: The last two hex digits are '24'. Converting '24' to binary: 0010 0100. Now, take the lower five bits from this, which would be bits 0-4 (rightmost). Wait, no: for a 64-bit number, we need to consider all 64 bits and extract the last five. + +Alternatively, perhaps the issue is that when passing 'a' as the shift amount in the asm instruction, QEMU isn't correctly masking it to 5 bits. So if the third operand (rs2) has more than 5 bits set, the shift amount could be larger than intended, causing a bigger shift than expected. + +Wait, looking at the problem again: The correct_shift_res is calculated as b shifted left by (a & 0b11111), which is 4. So correct_shift_res should be 0xB4D6868655C35850. + +But in QEMU's output, it's shifting this result again by another 32 bits to the left, giving 0x55C3585000000000. That suggests that somewhere, the shift amount is being treated as a larger number than intended, possibly because the masking isn't done correctly. + +So perhaps QEMU's SLL instruction is not properly applying the mask to the lower 5 bits of rs2 and instead uses the full value, leading to an incorrect shift amount. In this case, if rs2 is 'a', which has a value that when treated as a 64-bit integer is larger than 31 (since it's 0x...024), then using all bits could lead to a shift of more than 5 bits. + +Wait, no: the RISC-V SLL instruction only uses the lower 5 bits for the shift amount. So QEMU should be applying a mask of 0b11111 (31) to rs2 before shifting. If it's not doing that and instead using the full value of rs2, which is a large number like 0x69C99AB9B9401024, then the shift amount would be way larger than intended. + +In this case, if rs2 is used as is, its lower bits beyond 5 could cause a shift by more than 31. Let me see what 0x69C99AB9B9401024 mod 64 is (since shifting by 64 in 64-bit would result in zero). Wait, but that's not the case here because 0x24 is 36 in decimal. So 36 mod 64 is 36. Shifting a 64-bit number left by 36 bits would leave only the lower 64-36=28 bits set. + +Wait, but that doesn't align with the output seen. Alternatively, perhaps QEMU is treating the shift amount as signed or something else is wrong. + +Alternatively, maybe the issue is in how the operands are passed to the asm statement. Let me look at the C code again: + +asm volatile("sll %0, %1, %2" : "=r"(c) : "r"(b), "r"(a)); + +Here, 'a' is a uint64_t variable, and when used as an immediate in assembly, perhaps QEMU isn't correctly handling the shift amount. Or maybe the way the assembler interprets it is different. + +Wait, no, in RISC-V assembly, the SLL instruction uses rs2's lower 5 bits for the shift. So if 'a' is passed as a register, then the lower 5 bits should be used. But perhaps QEMU isn't correctly implementing this and instead using all bits of rs2 for the shift amount. + +So in the given example, rs2 is 0x69C99AB9B9401024, whose value mod 32 (since lower 5 bits) is 0x24 & 0b11111 = 4. So the correct shift should be by 4. + +But if QEMU isn't masking rs2 and instead uses the full value of a as the shift amount, which is 36 (from 0x24), then shifting b left by 36 would produce a different result. + +Wait, let's calculate that. Shifting 0xDB4D6868655C3585 left by 36 bits: + +In Python: + +b = 0xDB4D6868655C3585 +shift = 36 +result = (b << shift) & 0xFFFFFFFFFFFFFFFF + +But wait, that would be a very large shift. Let me compute it. + +Wait, but in reality, when shifting a 64-bit number left by 36 bits, the lower 28 bits would be zero, and the upper part would wrap around if beyond 64 bits. But let's see: + +The correct expected result is 0xB4D6868655C35850 after shifting by 4. + +But in QEMU, it's giving 0x55C3585000000000, which seems like the correct shift (by 4) followed by another shift of 32 bits. So 0xB4D6868655C35850 is 64 bits; shifting it left by another 32 would result in 0x55C3585000000000. + +So why would an extra shift happen? That suggests that the shift amount used was 36 (4 + 32), but that doesn't make sense. Alternatively, perhaps QEMU is using a different part of the register for the shift amount. + +Wait another angle: maybe the issue is with how the third operand is being treated as an immediate value instead of a register. In some assemblers, if you use an immediate without proper handling, it could cause unexpected behavior. + +But in this case, the asm statement uses 'r' constraints, meaning they're passed as registers. So rs2 should be the value from register a. + +Wait, perhaps QEMU is using the higher 5 bits instead of the lower 5? Or maybe there's an endianness issue. + +Alternatively, could it be that in some versions of RISC-V or QEMU, the shift amount isn't properly masked to 5 bits for SLL, leading to using more bits than intended? + +So putting this all together, the bug seems to be related to how the SLL instruction processes the shift amount. Instead of correctly using only the lower 5 bits of rs2, it's either not masking or incorrectly extracting those bits, leading to an incorrect shift. + +Therefore, since the issue is with an instruction (SLL) not behaving as per theISA specification, the category should be "instruction". +</think> + +The bug report describes a problem where the SLL instruction in QEMU does not correctly apply the specified shift amount, resulting in an incorrect output. The issue arises because the instruction uses more than just the lower 5 bits of rs2 for the shift amount, leading to unexpected results. + +**Step-by-Step Explanation:** + +1. **Understanding the Instruction**: The SLL (Shift Left Logical) instruction is intended to shift the value in register rs1 by the number of bits specified in the lower 5 bits of register rs2. This means only the least significant 5 bits of rs2 are considered for the shift amount. + +2. **Reproducing the Issue**: + - The provided code initializes two 64-bit variables `a` and `b`. + - It uses inline assembly to perform an SLL operation on `b` using the lower 5 bits of `a` as the shift amount. + - The expected result is a left shift by 4 bits (since `a & 0x1F = 4`), but QEMU's output shows an additional 32-bit shift. + +3. **Analyzing the Output**: + - Correct shift result: `(b << 4)` should be `0xB4D6868655C35850`. + - QEMU's incorrect result: `0x55C3585000000000`, which is the correct result shifted left by another 32 bits. + +4. **Identifying the Cause**: + - The extra shift suggests that instead of using only the lower 5 bits, QEMU uses a larger portion of `a`, possibly interpreting it as a signed or extended value beyond the intended 5 bits. + - This leads to an incorrect shift amount being applied, resulting in unexpected output. + +5. **Conclusion**: The issue lies within the SLL instruction's implementation in QEMU, where it does not correctly mask rs2 to use only the lower 5 bits for the shift amount, causing incorrect results. + +**Answer:** + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2419 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2419 new file mode 100644 index 000000000..30273c302 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2419 @@ -0,0 +1,15 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me try to understand what's going on here. + +The problem is about the ldapr_stlr_i instructions in QEMU. The user mentions that these instructions model load acquire and store release immediate operations. They found a bug where the imm field isn't correctly handling signed offsets. Instead of treating it as a signed 9-bit value (s9), it's being treated as an unsigned 9-bit value (9). This causes issues when the imm value is negative, leading to incorrect calculations in QEMU. + +Looking at the steps to reproduce: running on ARM target and generating such instructions leads to wrong immediate calculations if the imm is negative. The user fixed it by changing the imm field from 9 to s9, which made a difference in how it's handled in the generated code—specifically using sextend32 instead of extend32. + +Now, classifying this: The issue is related to how QEMU handles specific instructions and their immediate values. It's not about system calls (syscall) or runtime errors like memory management issues (runtime). Instead, it's a problem with the instruction decoding and handling—how the imm field is interpreted as signed versus unsigned. + +So, I think this falls under the "instruction" category because it directly relates to how instructions are processed by QEMU. +</think> + +The bug report discusses an issue with specific ARM64 instructions (ldapr_stlr_i) where the immediate value isn't correctly handled as a signed 9-bit value. This affects instruction processing, not system calls or runtime errors. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2422 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2422 new file mode 100644 index 000000000..98b229179 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2422 @@ -0,0 +1,9 @@ +<think> +Alright, let's try to figure out how to classify this bug report for QEMU. The user provided a detailed description and some code examples. + +The problem revolves around the `vsetvli` instruction in RISC-V. According to the spec, when certain conditions are met (like changing VLMAX), the `vill` bit should be set. However, QEMU isn't doing this, causing an assertion failure in their test case. + +Looking at the possible categories: instruction, syscall, runtime. Since the issue is about how an instruction (`vsetvli`) is being handled by QEMU, it seems to fall under the "instruction" category. The problem arises because QEMU isn't correctly implementing the behavior specified for this vector instruction. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2474 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2474 new file mode 100644 index 000000000..fb2e1f791 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2474 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let's go through the problem step by step. + +The user provided a detailed bug report about an issue with the translation of the "vpgatherqq" instruction in QEMU. They observed that when using xmm4 as part of the gather instruction, the offset calculation was incorrect. The offsets for other registers like xmm2 and xmm5 were expected to be in an arithmetic sequence butxmm4's offset wasn't matching. + +They provided assembly code where different xmm registers are used in vpgatherqq instructions. When compiling and running this with QEMU, the generated micro-ops showed that the offset for xmm4 was 0x310 instead of the expected 0x450. They tracked down the issue to a specific part of the code in QEMU's translator. + +The problematic section is in target/i386/tcg/translate.c, specifically the gen_lea_modrm_0 function around line 2215. The code there checks if rm (register) is 4 and then processes it further. It seems that when index is 4, it's set to -1, which might be causing incorrect offset calculations for registers beyond a certain point. + +From the output, using xmm4 resulted in an unexpected offset of 0x310, while others like xmm2 and xmm5 had their expected offsets based on an arithmetic sequence. This suggests that QEMU is misinterpreting how the registers are being used in the gather instruction when register 4 (xmm4) is involved. + +The fact that the helper function for vpgatherqq also uses a wrong value further supports that this is a translation issue specific to certain instructions, not a runtime error or a system call problem. The error occurs during the generation of micro-ops, which is part of instruction execution. + +So, categorizing the bug: it's an issue with how QEMU translates and handles a specific instruction ("vpgatherqq") when involving certain registers like xmm4. Therefore, this falls under the "instruction" category. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2483 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2483 new file mode 100644 index 000000000..92edea941 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2483 @@ -0,0 +1,22 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. The user provided some code and described what happens when they run it in QEMU. Let me break down the problem step by step. + +First, looking at the code snippet: + +The code moves the stack pointer (SP) into A1, then copies 0x68 bytes from A0 to A1. After that, there's a loop copying each byte and decrementing D0 until it reaches zero. Finally, there's a jsr (jump subroutine) instruction using the SP as the destination. + +The user mentions that when the jsr is executed with SP at 0x3bfc, QEMU behaves incorrectly. Instead of jumping to 0x3bfc and putting the return address correctly on the stack, it seems like the return address is being placed at 0xb3f8, which doesn't make sense because 0xb3f8 is a different memory location than where the SP points. + +The GDB screenshot shows that the PC (program counter) jumps to 0x3bf8 and starts executing garbage, indicating that the return address isn't correctly handled. This suggests an issue with how QEMU handles the jsr instruction when the target is on the stack. + +Now, considering the categories provided: instruction, syscall, runtime. + +This problem seems related to how the CPU instruction (jsr) is being executed by QEMU. The bug occurs during the processing of this specific instruction, leading to incorrect behavior in the program flow. Therefore, it's likely an issue with the instruction handling rather than a system call or a runtime error elsewhere. + +So, the category should be 'instruction' because it involves a faulty execution of the jsr instruction. +</think> + +The bug report describes an issue where QEMU incorrectly handles the `jsr (SP)` instruction, leading to unexpected behavior. This is related to how the instruction is processed by the emulator. + +**Answer:** +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2487 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2487 new file mode 100644 index 000000000..e81752085 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2487 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out how to classify this QEMU bug. The user provided a detailed bug report where running a simple x86_64 executable under QEMU crashes with an error message about a code path not being reached in the tcg-target.c.inc file. + +Looking at the steps, it seems that compiling a basic C program into a static executable and then running it using QEMU leads to this crash. The error occurs in the TCG (Translation Component Generator) part of QEMU, specifically in the PPC target code when testing something. + +The bisect points to a commit by Paolo Bonzini from October 2023. That commit was about optimizing certain test operations for i386 targets, using TSTEQ and TSTNE instructions instead of other comparisons. It looks like this change might have introduced an issue in how the code is generated or translated. + +The error message says "code should not be reached," which suggests that there's a condition in the code that's being hit when it shouldn't be. That means during translation, some unexpected path is taken, causing QEMU to crash instead of handling the instruction properly. + +So, considering the categories: instruction, syscall, runtime. This doesn't seem related to a specific system call or an error occurring at runtime beyond the execution of user code. It's more about how instructions are being translated and handled in the TCG layer. Since it's crashing during the translation or execution of instructions, I think this falls under 'instruction' because it's related to processing machine-level operations. + +The bug is likely due to a miscalculation or incorrect handling of an instruction during code generation. The commit introduced changes to how certain test operations are handled, and that might have exposed a bug in the PPC target's TCG backend when translating x86_64 executables. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2495 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2495 new file mode 100644 index 000000000..9fa2963f2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2495 @@ -0,0 +1,23 @@ +<think> +Okay, I'm looking at this bug report about QEMU emitting invalid TCG when lifting MMX instructions with redundant REX prefixes. So the issue seems to be related to how QEMU handles certain x86-64 assembly instructions. + +The user provided two examples: `490f7ec0` which is `movq r8, mm0`, and after changing the REX prefix to `4f`, it becomes another instruction. The lifted TCG changes in a way that affects the offset used for MMX registers. This leads to incorrect behavior where R8 doesn't get the expected value from MM0. + +In the test case, when using the original instruction without the redundant REX prefix, QEMU correctly handles it. But with the modified REX prefix, it seems to use a wrong offset, causing data to be read from an incorrect location in memory. + +The user also mentioned that this bug resembles issue #2474, which I assume is another bug related to MMX instructions or REX prefixes in QEMU. The steps to reproduce involve compiling a test program and running it under QEMU, where the output doesn't match expectations because of this TCG generation error. + +The problem occurs during runtime when executing these specific MMX instructions with certain REX prefixes. It's not about handling system calls or faulty instructions per se, but more about how the code is translated into intermediate code by QEMU's TCG (Translation-Caching JIT compiler). The incorrect offset leads to wrong data being loaded into registers, which affects the program's execution. + +So, categorizing this bug: it's related to instruction handling because it's about how specific instructions are lifted and translated. However, since it's more about runtime behavior due to incorrect TCG generation rather than an outright faulty instruction recognition, I might lean towards 'runtime'. But considering that the core issue is with how the instruction is being processed (specifically the REX prefix affecting MMX register access), maybe 'instruction' fits better. + +But wait, the issue arises during execution because of a translation error, so perhaps it's a runtime problem. However, the root cause is in the handling of the instruction by the TCG generator. Hmm. + +Looking back at the possible categories: 'instruction', 'syscall', 'runtime'. The bug report mentions that the lifted TCG is invalid for these MMX instructions with redundant REX prefixes. So it's about how QEMU translates specific x86-64 instructions into TCG code, leading to incorrect behavior during runtime. + +Therefore, I think this falls under the 'instruction' category because it's about handling of a particular instruction type (MMX with certain REX prefixes) leading to faulty translation and subsequent runtime errors. +</think> + +The bug is classified as an issue with instruction handling in QEMU due to improper translation of MMX instructions with specific REX prefixes. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2497 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2497 new file mode 100644 index 000000000..4a8feb6f8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2497 @@ -0,0 +1,25 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU not implementing the FPIAR register in the m68k FPU. The user provided some details, and I need to figure out which category it falls under: instruction, syscall, or runtime. + +First, let me understand what's happening here. The problem is that QEMU doesn't implement the FPIAR (Floating Point Interface Address Register) register. This causes issues when test code tries to write to it and then read back the value, resulting in a failure because the written value isn't retrieved correctly. + +Now, looking at the categories: + +1. **Instruction**: This category involves bugs where specific instructions are faulty or not handled correctly by QEMU. The example given is `fmove`, which is an instruction that moves data between registers. Since the test code uses `fmove` and expects it to work with FPIAR, but it doesn't because FPIAR isn't implemented, this might relate to how instructions are handled. + +2. **Syscall**: This would be about errors related to system calls. The problem here isn't about syscalls; it's about the FPU registers, so I don't think this is relevant. + +3. **Runtime**: This category covers other runtime errors not falling under instruction or syscall. Since QEMU isn't handling a specific register during runtime, causing tests to fail when they interact with that register, this could fit here. + +So, the issue arises because certain instructions rely on FPIAR being implemented. However, the core problem is the absence of support for a particular register in the FPU, which affects how these instructions function. Therefore, it's more about the handling of a specific instruction rather than a general runtime error or a syscall issue. + +Wait, but maybe I'm conflating things. The bug isn't that `fmove` itself is faulty; it's that when `fmove` writes to FPIAR, QEMU doesn't implement FPIAR, so reading back the value fails. So it's an instruction handling problem because the instructions are relying on a register that's not implemented. + +Alternatively, since FPIAR isn't implemented, any instruction that uses it would cause issues. Therefore, this is about incorrect implementation of how certain instructions interact with FPIAR. + +So perhaps the category is **instruction**, as it relates to the handling of specific instructions like `fmove` when they involve FPIAR. +</think> + +The issue pertains to the handling of instructions that rely on the FPIAR register, which isn't implemented. Therefore, it falls under: + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2498 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2498 new file mode 100644 index 000000000..d2b8dc907 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2498 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU. Let's read through it carefully. + +The problem is about an incorrect order when handling `fmovem` instructions involving multiple FPU control registers on the m68k architecture. The manual specifies that these registers should be moved in a specific sequence: first the floating-point control register, then the status register, and lastly the instruction address register. However, QEMU is currently processing them in reverse order. + +The user provided a code snippet showing changes to `translate.c`. In this diff, they're modifying loops that handle reading or writing these registers. The original code was iterating from higher indices down to lower (like i=2 to 0), which might have been causing the reversed order. The fix adjusts the loop direction and mask handling to ensure the correct sequence. + +So, considering the categories: instruction, syscall, runtime. This issue is about how QEMU handles a specific instruction (`fmovem`) with certain registers. It's not related to system calls or general runtime errors; it's an error in executing an instruction as per the architecture manual. Therefore, this falls under the 'instruction' category. +</think> + +The bug report describes an issue with handling a specific instruction (`fmovem`) incorrectly. This is classified as an instruction-related problem. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2499 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2499 new file mode 100644 index 000000000..29d36ab54 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2499 @@ -0,0 +1,18 @@ +<think> +Okay, so I need to classify this bug report related to QEMU. The user provided a description about an issue where certain instructions (fsave and frestore) aren't being handled correctly on specific CPUs. + +First, let me understand the problem. The user says that valid code for 68020/68030 uses fsave/frestore with external FPU units like 68881 or 68882. But QEMU only allows these instructions on 68040 and others get an exception. So the issue is that certain CPUs aren't handling these FPU instructions properly. + +Looking at the provided code, the change seems to adjust how features are checked in the translation process. The original code checks for M68K_FEATURE_M68040, but the user suggests changing it to check for M68K_FEATURE_FPU instead. This makes sense because whether fsave/frestore is allowed should depend on having an FPU, not just being a 68040. + +Now, classifying this bug: It's about how instructions are handled. The issue arises when specific instructions (fsave and frestore) cause exceptions incorrectly. So it's related to the processing of these instructions in QEMU. + +Considering the categories provided: +- Instruction: Faulty handling of an instruction. +- Syscall: Error with system calls. +- Runtime: Other runtime errors. + +This bug is about how certain instructions are being treated, specifically causing incorrect exceptions. Therefore, it falls under 'instruction' because it's directly related to the handling of specific CPU instructions. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2500 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2500 new file mode 100644 index 000000000..f50046470 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2500 @@ -0,0 +1,17 @@ +<think> +Okay, I'm trying to classify this bug report about QEMU and the m68k MMU instructions. Let's read through it carefully. + +The problem is that the 68030 has specific MMU instructions like `pmove` which aren't implemented in QEMU. The issue is that these instructions have the same encoding as F-line instructions, causing an exception instead of performing the intended load or store operation on the MMU. + +So, what category does this fall into? The options are instruction, syscall, or runtime. + +The bug is about a specific instruction (`pmove`) not being handled correctly. It mentions that QEMU doesn't implement it and incorrectly raises an F-line exception instead. This seems to be directly related to how instructions are processed in the emulator. + +Therefore, this falls under the "instruction" category because it's about handling a particular CPU instruction incorrectly. +</think> + +The bug report discusses a specific MMU instruction (`pmove`) not being implemented correctly in QEMU, leading to an exception instead of the intended operation. This is related to how instructions are handled by the emulator. + +**instruction** + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2595 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2595 new file mode 100644 index 000000000..f6ebe7d79 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2595 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. The problem is about incorrect behavior with SDOT and UDOT instructions on ARM SVE when the vector length is 64 or higher. + +Looking at the description, the user mentions that when they run their code using QEMU with different sve-default-vector-length settings, results are correct for lengths less than 64 but wrong for 64 and above. They provided steps to reproduce, including compiling a C program and running it in QEMU. The issue seems to stem from how these specific instructions (SDOT/UDOT) are handled by QEMU when the vector length is larger. + +The user also notes that using other tools like the Instruction Emulator and gem5 gives correct results, suggesting that QEMU's implementation of these instructions is faulty. This points towards an issue in how the SDOT and UDOT instructions are being executed or interpreted within QEMU. + +Since the problem revolves around specific assembly instructions (sdot and udot) producing incorrect output when using certain vector lengths, it likely falls under a fault in the instruction handling rather than a runtime error or a syscall issue. The classification should be based on whether the bug is about how instructions are processed. + +Therefore, the category for this bug report is "instruction." +</think> + +The bug report describes an issue with specific ARM SVE instructions (SDOT and UDOT) producing incorrect results in QEMU when the vector length is 64 or higher. This points to a problem with how these instructions are being handled by the emulator. + +**Answer: instruction** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2604 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2604 new file mode 100644 index 000000000..dc34c2e54 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2604 @@ -0,0 +1,23 @@ +<think> +Okay, so I'm trying to classify this bug report related to QEMU. The user provided some details about the crash when running NEON code under `qemu-arm-static`. Let me go through the information step by step. + +First, they mentioned that `qemu-arm-static` crashes 100% of the time when executing generated NEON code. This specifically happens with GStreamer's Orc library using NEON codegen in user emulation mode. When run in system emulation mode, it works fine. So there's a difference between how user and system modes handle this. + +Looking at the steps to reproduce: they cloned the Orc repository, built it statically, and ran `qemu-arm-static` on the compiled tool. The crash occurs inside JIT code, which suggests that the issue is related to just-in-time compilation or execution of generated machine code. + +The backtrace shows a segmentation fault at address 0x409e503c, but there's no function name attached. Disassembling around that address reveals NEON instructions: `vld1.8`, `vst1.8`, and some additions. The crash is happening on the next instruction after these, which is an addition (`add r3, r3, #16`). + +Since it's a segmentation fault without any indication of invalid memory access (the disassembled code doesn't show anything like an illegal address), I suspect it might be related to how QEMU handles NEON instructions or JIT compilation. Maybe there's an issue with how the generated code is being handled by QEMU in user mode, such as incorrect instruction decoding or handling. + +The possible categories are instruction, syscall, and runtime. The crash isn't due to a syscall error because it's happening within the generated JIT code. It also doesn't seem like a memory access violation since GDB didn't report that. So it's more likely related to how instructions are being handled. + +The fact that the same executable works in system mode suggests that user mode has a different handling of NEON or JIT-generated code. Perhaps there's an issue with instruction decoding or invalidation in user emulation mode, leading QEMU to crash when encountering certain NEON sequences. + +So, considering all this, the category is likely "instruction" because it's about how specific instructions (NEON) are being handled by QEMU. +</think> + +The bug report describes an issue where `qemu-arm-static` crashes while executing generated NEON code. The problem arises during JIT execution and involves specific NEON instructions. This indicates a potential flaw in how these instructions are processed or decoded within the user emulation mode of QEMU. + +**Category: instruction** + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/266 b/results/classifier/deepseek-r1:32b/reasoning/instruction/266 new file mode 100644 index 000000000..1cba7aeb4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/266 @@ -0,0 +1,21 @@ +<think> +Okay, I need to classify this bug report about QEMU into one of three categories: instruction, syscall, or runtime. The report mentions that the 'mtfsf' instruction can clear FI incorrectly. Let's break this down. + +First, what is 'mtfsf'? From my understanding, in PowerPC architecture, 'mtfsf' stands for "move to fixed single floating-point" and is used to modify the FPSCR (Floating Point Status Control Register). This register controls various aspects of floating-point operations, including exception flags. + +The bug states that using this instruction incorrectly clears the FI bit, which I believe stands for Floating-Point Invalid bit. If FI is cleared when it shouldn't be, it could lead to incorrect handling of floating-point exceptions, causing issues in applications relying on these status bits. + +Now, looking at the categories: + +1. **Instruction**: This category deals with issues related to specific CPU instructions and their behavior. Since 'mtfsf' is a specific instruction that's causing a problem, this seems relevant. + +2. **Syscall**: This relates to errors in system calls made by the OS or applications. The issue here isn't about syscalls but rather an instruction within QEMU's emulation of the CPU. + +3. **Runtime**: Covers other runtime errors not related to instructions or syscalls. Since the problem is with how a specific instruction behaves, it doesn't fit into this category. + +Therefore, the bug report falls under the 'instruction' category because it's about the incorrect behavior of a specific CPU instruction in QEMU. +</think> + +The issue is related to an instruction causing incorrect behavior in the emulator. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2696 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2696 new file mode 100644 index 000000000..fb4546062 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2696 @@ -0,0 +1,19 @@ +<think> +Okay, so I need to classify this bug report about qemu-hexagon hitting an unreachable assertion in decode_insns(). Let me go through it step by step. + +The user provided a bug description where they're compiling a simple assembly file `start.s` using clang with the hexagon target. The resulting binary is then run with qemu-hexagon, which throws an error saying that code shouldn't be reached at line 492 in decode.c. + +Hmm, the instruction in start.s is just `.word 0`, which might not be a valid Hexagon instruction. When clang compiles this, it's possible that it's creating a binary with an invalid or unrecognized opcode for the Hexagon architecture. + +When qemu runs this, it tries to decode the instructions and hits an assertion because the code path isn't supposed to be reachable. This suggests that the decoder encountered an invalid instruction it didn't expect, causing it to enter an unexpected state. + +So, looking at the possible categories: instruction seems relevant here because the issue arises from trying to execute an invalid or unknown instruction. The error happens during instruction decoding, which is part of processing instructions in the emulator. + +syscall and runtime don't seem to fit as well. There's no mention of system calls failing or other runtime errors beyond the decoder hitting an assertion. + +Therefore, this bug falls under the 'instruction' category because it's related to handling an invalid instruction during execution. +</think> + +The issue arises from an invalid instruction causing the decoder to hit an unreachable code path in QEMU's Hexagon emulator. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2775 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2775 new file mode 100644 index 000000000..65f3efa3c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2775 @@ -0,0 +1,13 @@ +<think> +Alright, let me try to figure out how to classify this bug report. So, the user provided a detailed crash log from QEMU when running an emulated NetBSD/sparc64 system. The error message points to an assertion failure in the SPARC64 code generation part of QEMU's source code. + +Looking at the description, it seems that while executing certain instructions, specifically involving sethi and branch operations, QEMU hits an internal assertion. The GDB backtrace shows that the crash occurs during instruction translation when trying to handle a specific instruction sequence. + +Now, I need to classify this bug into one of three categories: instruction, syscall, or runtime. The instruction category would be for issues where a particular instruction is causing problems. Syscall relates to system calls not handling correctly. Runtime errors are broader and include other issues that happen during execution but aren't tied to specific instructions or syscalls. + +In this case, the crash happens during instruction translation, specifically in the sparc_tr_insn_start function. The error message indicates an unexpected code path was reached, which suggests a problem with how certain instructions are being handled by the translator. Since it's related to translating and executing specific SPARC64 instructions, this points towards an issue with handling those particular instructions. + +So, I think the category here should be 'instruction' because it's directly tied to processing certain assembly instructions leading to an assertion failure in QEMU. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2865 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2865 new file mode 100644 index 000000000..a0262487d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2865 @@ -0,0 +1,23 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. The problem involves an issue with the `xvldi` instruction on LoongArch64. Let me break it down step by step. + +First, looking at the user's description: they provided a sample C++ program that uses intrinsic functions to load a specific value into a vector and then dumps the contents of that vector. On real hardware, the output is as expected, but when run under QEMU, the output is incorrect. + +The key point here is that the `xvldi` instruction isn't being implemented correctly in QEMU. The user also provided some code from the QEMU source, specifically the function `vldi_get_value`. In this function, there's a case where data is computed as `(t << 24) | (t << 8)`, but they suggest it should be `(t << (8+32)) | t << 8` instead. + +So, what does that mean? The `xvldi` instruction is supposed to load a vector with an immediate value replicated across all lanes. In this case, the immediate is -3832, which when interpreted as bytes should be 0x4 shifted left by 8 bits, giving each element as 0x800 (assuming little-endian or similar handling). + +In QEMU's current implementation, it seems that the way they're constructing this value is incorrect. The line `data = (t << 24) | (t << 8);` suggests that for some reason, they're combining two shifted versions of the same byte. But according to the user, this isn't correct—it should be shifting by more bits to properly replicate across all elements. + +This indicates a problem with how the instruction is being translated or handled in QEMU's TCG (Tiny Code Generator) backend. Specifically, the function responsible for generating the value for `xvldi` has an incorrect calculation. + +Now, considering the categories provided: instruction, syscall, runtime. The issue here isn't related to a system call error or a general runtime problem. It's directly about how QEMU handles a specific instruction (`xvldi`) on LoongArch64. Therefore, this falls under the 'instruction' category because it's an incorrect implementation of a CPU instruction. + +I don't think it's a syscall issue because the program doesn't involve any system calls beyond standard I/O for printing. It's not a runtime error in the sense of memory management or resource issues either; it's specifically about how an instruction is processed, leading to wrong results when executing code that uses `xvldi`. + +So, putting it all together, this bug is an issue with QEMU's handling of a specific instruction, making 'instruction' the appropriate category. +</think> + +The given bug report is classified under the **instruction** category. + +(instruction) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2878 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2878 new file mode 100644 index 000000000..2d4dad2ff --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2878 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to classify this bug report about AVX512 support in QEMU user space emulation. The categories given are instruction, syscall, and runtime. Let me think through each step carefully. + +First, what's AVX512? It's an extension of the x86 instruction set that allows for more vector operations, which can speed up certain computations. So if there's a bug related to AVX512 in QEMU, it probably has something to do with how these instructions are handled. + +Now, looking at the categories: + +- **Instruction**: This would involve issues with specific CPU instructions not working correctly. Since AVX512 adds new instructions, a problem here might fall under this category. + +- **Syscall**: This relates to system calls between user space and kernel space. If the bug was about syscalls failing because of AVX512, it would fit here. But I don't think that's the case since AVX512 is more about instruction handling in the CPU emulation. + +- **Runtime**: These are errors that occur during execution but aren't necessarily tied to a specific instruction or syscall. If the bug was causing crashes or unexpected behavior without pointing to a specific instruction, it might be runtime. + +Given that the report mentions "support for AVX512", I'm guessing the issue is about implementing or correctly handling these new instructions within QEMU's user space emulation. That sounds like an instruction-level problem because it's about how QEMU emulates CPU instructions, specifically AVX512 ones. + +So, putting it all together, the bug report is likely about faulty instruction handling related to AVX512 support in QEMU. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/2971 b/results/classifier/deepseek-r1:32b/reasoning/instruction/2971 new file mode 100644 index 000000000..73e838249 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/2971 @@ -0,0 +1,15 @@ +<think> +Alright, let me try to figure out how to classify this bug report. The problem is about QEMU crashing when it decodes certain instructions, specifically vldi and xvldi. + +Looking at the description, the issue arises because these instructions allow illegal immediates during decoding. On actual hardware (Loongson 3A5000), such instructions cause a SIGILL signal, meaning they're invalid. However, QEMU isn't handling this correctly—it's crashing instead of behaving as expected. + +The test program uses an assembly instruction that directly writes a specific byte sequence into the code. This likely forms an invalid vldi or xvldi instruction with an illegal immediate value. When run under QEMU, it triggers an assertion error and crashes because the software decoding is too lenient and doesn't handle invalid cases properly. + +Since the problem revolves around how instructions are decoded by QEMU's emulator, it falls under the handling of specific instructions. The crash isn't due to a system call or a runtime issue unrelated to instruction processing but rather how these particular instructions are interpreted. + +So, categorizing this bug would be under "instruction" because it directly relates to the decoding and execution of invalid machine instructions. +</think> + +The issue is related to the handling of specific instructions (`vldi` and `xvldi`) in QEMU. The problem occurs during instruction decoding when illegal immediates are encountered, leading to crashes instead of proper error handling. + +**instruction** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/312 b/results/classifier/deepseek-r1:32b/reasoning/instruction/312 new file mode 100644 index 000000000..5a7a247a4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/312 @@ -0,0 +1,13 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report about QEMU emulation. The user mentioned that the fmadds instruction on powerpc64le is buggy. + +First, let me understand what each category means. "Instruction" refers to issues with specific CPU instructions not being handled correctly. "Syscall" would involve problems with system calls in the OS. "Runtime" covers other runtime errors that don't fall into the first two categories. + +In this case, the problem is specifically about an instruction (fmadds) on a PowerPC architecture. QEMU emulates hardware, so if it's not handling a particular instruction correctly, that falls under instruction emulation issues. It doesn't seem to be related to system calls or other runtime problems but rather how the emulator processes certain CPU instructions. + +So, I think this bug should be classified under "instruction" because it directly relates to how QEMU handles a specific CPU instruction. +</think> + +The issue is specifically about an instruction not being handled correctly by the emulator. Therefore, the correct category is: + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/364 b/results/classifier/deepseek-r1:32b/reasoning/instruction/364 new file mode 100644 index 000000000..04e2f39a8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/364 @@ -0,0 +1,20 @@ +<think> +Okay, so I have this bug report about QEMU related to incorrect signed comparisons in ldsmax instructions. I need to classify it into one of three categories: instruction, syscall, or runtime. Let me break this down step by step. + +First, understanding what each category means: +- **Instruction**: This would involve issues with specific CPU instructions not working correctly. For example, if a certain opcode isn't handled properly by the emulator. +- **Syscall**: This relates to system calls made by the program being emulated. Issues here might be about incorrect handling of syscalls or their parameters. +- **Runtime**: These are other runtime errors that don't fall into the above two categories, like memory management issues or timing problems. + +Now looking at the bug report: "qemu-aarch64: incorrect signed comparison in ldsmax instructions." The term "ldsmax" stands out. I recall that in ARM architecture, there are various load and store multiple instructions, but "ldsmax" doesn't ring a bell immediately. Maybe it's a typo or perhaps refers to a specific instruction set. + +Wait, maybe it's related to the LDAR and STLR instructions used in atomic operations on ARM64. Or perhaps "ldsmax" is referring to an instruction that deals with signed maximum values, like ldsmax which could be a load-store exclusive maximum for signed integers. These kinds of instructions are crucial for implementing lock-free data structures. + +The problem mentioned is an incorrect signed comparison. That suggests that when QEMU emulates this instruction, it's not handling the signedness correctly, leading to wrong results or behavior in the guest OS or application running on QEMU. + +So, if the issue is with how a specific instruction (ldsmax) is being handled—specifically its signed comparison logic—that points towards an **instruction** category problem. The emulator isn't executing that particular instruction correctly, which affects the overall functionality of the code relying on it. + +I don't think it's a syscall because the problem isn't about system calls; it's about CPU instructions. It also doesn't seem to be a runtime error in the sense of memory or timing issues but rather an incorrect handling of an instruction's semantics. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/381 b/results/classifier/deepseek-r1:32b/reasoning/instruction/381 new file mode 100644 index 000000000..45cf9e143 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/381 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this QEMU bug report into one of three categories: instruction, syscall, or runtime. The error message is "ERROR:target/arm/translate-a64.c:13229:disas_simd_two_reg_misc_fp16: code should not be reached". + +First, looking at the file path target/arm/translate-a64.c suggests it's related to ARM instruction translation for 64-bit architecture. The function disas_simd_two_reg_misc_fp16 probably deals with SIMD instructions that use two registers and involve floating-point operations, specifically FP16 which is half-precision float. + +The error message says "code should not be reached", which typically means a situation occurred that the developers didn't anticipate. This could happen if an unexpected instruction or condition was encountered during disassembly or translation. + +Since it's in the translate-a64.c file and dealing with instruction decoding, this is likely related to handling specific ARM instructions, especially SIMD ones. It doesn't seem to be a syscall issue because there's no mention of system calls. It also seems more about instruction processing rather than a general runtime error. + +So, I think this bug falls under the 'instruction' category because it involves incorrect handling or unexpected conditions when translating an ARM instruction. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/390 b/results/classifier/deepseek-r1:32b/reasoning/instruction/390 new file mode 100644 index 000000000..c1d0fc909 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/390 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU. The message says "target/ppc: atomic path of Load Quadword instruction require address with write permission." Hmm, let me break this down. + +First, "target/ppc" refers to the PowerPC target in QEMU, which is an emulator for different architectures. So the issue is specific to how QEMU handles certain instructions on the PPC architecture. + +The bug mentions the "atomic path of Load Quadword instruction." Atomic operations are those that execute without interruption, ensuring consistency. The Load Quadword (lq) is a PowerPC instruction that loads 8 bytes from memory into a register. So this is about an atomic load operation. + +Now, the problem states that it requires the address to have write permission. That's interesting because typically, a Load instruction should only need read permissions. If QEMU is expecting write permissions for a Load Quadword, that might be incorrect. + +Wait, but maybe I'm misunderstanding. In some cases, atomic operations can involve both reading and writing due to how they handle memory ordering or if it's part of a larger operation. For example, in multi-threaded environments, atomic read-modify-write operations might need write permissions even though the instruction itself is a load. + +So, looking at the categories provided: instruction, syscall, runtime. The issue here seems related to how QEMU handles an instruction (Load Quadword) specifically when it's part of an atomic operation. It's not about a system call or a general runtime error but rather about the correct handling of an instruction under certain conditions. + +Therefore, this falls under the "instruction" category because it's describing an issue with how a specific instruction is being handled in QEMU. +</think> + +The bug report discusses an issue with the handling of the Load Quadword instruction in an atomic context within QEMU. It pertains to the requirement for write permissions during what should be a read operation, indicating a problem with how this particular instruction is processed. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/422 b/results/classifier/deepseek-r1:32b/reasoning/instruction/422 new file mode 100644 index 000000000..1182a1974 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/422 @@ -0,0 +1,13 @@ +<think> +Okay, so I have this bug report that says "Unable to execute MIPS MSA code due to illegal instruction." And it's part of qemu. I need to classify it into one of three categories: instruction, syscall, or runtime. + +Hmm, first, let me understand each category. Instruction issues would be about specific instructions causing problems. Syscall is related to system calls going wrong. Runtime errors are other runtime issues not covered by the first two. + +The bug mentions an "illegal instruction." That usually means that the CPU encountered an instruction it doesn't recognize or isn't implemented in the emulator. MIPS MSA stands for Multi媒體 Supplement Architecture, which adds instructions for media processing. So if QEMU is throwing an illegal instruction error when executing MSA code, it's probably because the emulator doesn't support those specific MSA instructions yet. + +So this seems to be about a faulty or unsupported instruction rather than a system call issue or a general runtime problem. Therefore, the category should be "instruction." +</think> + +The bug report involves an illegal instruction during execution of MIPS MSA code in QEMU, indicating an issue with handling specific instructions. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/427 b/results/classifier/deepseek-r1:32b/reasoning/instruction/427 new file mode 100644 index 000000000..21bb34d59 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/427 @@ -0,0 +1,17 @@ +<think> +Okay, I'm looking at this bug report about QEMU incorrectly raising an exception on an SSE4.2 CRC32 instruction. Hmm, let me break it down. So, the issue is related to how QEMU handles this specific CPU instruction. + +First, I need to understand what each category means. The categories are "instruction", "syscall", and "runtime". + +- "Instruction" refers to bugs where a particular CPU instruction isn't handled correctly. +- "Syscall" relates to errors when making system calls. +- "Runtime" is for other runtime issues that don't fall into the above two. + +In this case, the problem is with the SSE4.2 CRC32 instruction. That's a specific CPU-level command. QEMU is supposed to emulate this correctly but it's raising an exception instead. So it's not about system calls or general runtime errors; it's specifically about handling that instruction incorrectly. + +Therefore, the category should be "instruction" because it's directly related to how QEMU processes a particular CPU instruction. +</think> + +The bug report describes an issue with QEMU mishandling a specific CPU instruction (SSE4.2 CRC32), which falls under the instruction category. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/449 b/results/classifier/deepseek-r1:32b/reasoning/instruction/449 new file mode 100644 index 000000000..bd994e381 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/449 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU. Let me read through it carefully. + +The user is encountering an assertion failure when running a Go program that uses vector instructions on s390x Linux. The error message points to translate.c in QEMU's source code, specifically the get_field1 function where an assertion failed: `have_field1(s, o)`. They also provided a stack trace showing that it's happening within the Go runtime and some cryptographic functions. + +They mentioned that reverting a specific series of patches from the master branch fixed the issue. The additional information links to a patch by David Hildenbrand related to s390x translation in QEMU. + +Looking at the possible categories: instruction, syscall, runtime. Since the problem is happening during the execution of vector instructions and leads to an assertion failure in the QEMU translator, it seems like the issue is with how certain instructions are being handled. The user also mentioned that this affects real programs when using HTTPS, which relies on cryptographic operations—so likely tied to specific instruction handling. + +Therefore, the category should be "instruction" because it's related to processing vector instructions leading to a failure in QEMU. +</think> + +The bug report describes an issue where executing vector instructions leads to an assertion failure in QEMU's translator. This points to a problem with how certain instructions are handled, making it fall under instruction-related issues. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/494 b/results/classifier/deepseek-r1:32b/reasoning/instruction/494 new file mode 100644 index 000000000..e8bf095e3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/494 @@ -0,0 +1,19 @@ +<think> +Alright, so I'm trying to figure out how to classify this bug report for QEMU. The issue says that when using CMake with qemu-alpha-user, it crashes due to an Illegal Instruction. + +First, I need to understand what each category means. The categories given are instruction, syscall, and runtime. + +The "instruction" category would involve a problem with the actual machine instructions being executed. Like if there's a bad opcode or something that the CPU can't handle. + +The "syscall" category is about errors related to system calls. Maybe the program tried to make an invalid call to the OS, which caused it to crash. + +Then there's "runtime", which is for other runtime errors not fitting into the first two categories. So things like memory issues, segmentation faults, etc., that happen while the program is running. + +In this case, the error is an Illegal Instruction when CMake runs qemu-alpha-user. QEMU is a emulator, so maybe it's trying to execute some code that the host CPU doesn't support? Or perhaps there's a problem with how CMake is invoking it. + +I'm leaning towards "instruction" because the error message mentions an illegal instruction, which suggests a problem with the instructions being executed. It could be that QEMU is generating or handling instructions in a way that's incompatible with the host architecture. +</think> + +The crash occurs due to an Illegal Instruction, indicating an issue with executed machine code. + +(instruction) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/508 b/results/classifier/deepseek-r1:32b/reasoning/instruction/508 new file mode 100644 index 000000000..0ff3995eb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/508 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report about x86_64 cmpxchg behavior in qemu tcg not matching the real CPU. Let me think through what each category means. + +First, "instruction" would involve an issue where a specific instruction isn't handled correctly by QEMU. Since cmpxchg is an instruction, maybe it's here. + +Then there's "syscall", which is about system calls. But this bug doesn't mention syscalls, so probably not that. + +Lastly, "runtime" covers other runtime errors. But since the issue is with an instruction's behavior, it seems more specific than a general runtime error. + +So I think it falls under the "instruction" category because it's about how the cmpxchg instruction isn't behaving as expected in QEMU compared to real CPUs. +</think> + +The bug report pertains to the handling of the `cmpxchg` instruction in x86_64, which is a specific instruction. Therefore, it falls under the "instruction" category. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/618 b/results/classifier/deepseek-r1:32b/reasoning/instruction/618 new file mode 100644 index 000000000..8fe115156 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/618 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out what category this QEMU bug falls into. Let's see what the problem is. + +The user provided a bug report about overflow condition codes being incorrectly determined after subtraction on s390x architecture. They included a test program that uses __builtin_sub_overflow for both 32-bit and 64-bit integers. When run under QEMU 6.1.0, it's incorrectly reporting no overflow when there should be one. + +Looking at the code generated by the compiler, they're using the 'o' condition code (overflow/ones) in their assembly. The problem is that QEMU isn't setting this correctly after subtraction operations. The expected behavior based on z/Architecture Principles of Operation is that an overflow occurs if the result is outside the signed integer range. + +The user provided a patch to fix this, which suggests it's related to how QEMU handles these condition codes during subtraction. They also mentioned that their test program shows incorrect results both with and without optimization, so it's not just an O2 issue. + +Now, considering the categories: instruction, syscall, runtime. This bug seems to be about how certain instructions are handled—specifically, the overflow conditions after subtractions. Since QEMU is misinterpreting the condition code, it's likely a problem with how it executes or decodes these specific instructions on the s390x architecture. + +So, I think this falls under the "instruction" category because it's about incorrect handling of an instruction's result in terms of setting condition codes. +</think> + +The bug is related to the incorrect handling of overflow condition codes after subtraction instructions on the s390x architecture. This involves how QEMU processes specific arithmetic operations and sets condition flags, which directly relates to instruction execution. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/625 b/results/classifier/deepseek-r1:32b/reasoning/instruction/625 new file mode 100644 index 000000000..8248062f2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/625 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to figure out what category this bug falls into for QEMU. The user reported an issue where the floating point power function is incorrect when running under qemu-hppa. They provided steps to reproduce it by compiling a C program and then running it in QEMU. The problem is that instead of getting 10^6 = 1,000,000, they're getting 403.45, which is way off. + +First, I need to understand what's happening here. The program uses the pow function from math.h, which should compute base raised to the exponent. Since this is a floating-point operation, it's likely related to how QEMU handles certain instructions or operations on the HPPA architecture. + +The categories given are instruction, syscall, and runtime. Let me break down each: + +1. **Instruction**: This would be if there's an issue with how a specific CPU instruction is handled by QEMU. For example, if a particular floating-point operation isn't emulated correctly, this could cause incorrect results. + +2. **Syscall**: If the problem was related to system calls not being handled properly, like open, read, write, etc., then it would fall here. But in this case, the issue is with a math function, not a syscall. + +3. **Runtime**: This category is for other runtime errors that aren't instructions or syscalls. Maybe memory management issues, threading problems, etc. However, the problem seems to be specific to a mathematical computation, so it's more likely an instruction-level issue. + +The example given uses pow(), which involves floating-point operations. The HPPA architecture might have specific instructions for handling powers, and if QEMU isn't emulating those correctly, that would cause this bug. So the error is likely in how QEMU handles a particular instruction or set of instructions related to the power function. + +Therefore, the category should be "instruction" because it's about how a specific floating-point operation (the power function) is being handled incorrectly by QEMU. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/754 b/results/classifier/deepseek-r1:32b/reasoning/instruction/754 new file mode 100644 index 000000000..ab2da2109 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/754 @@ -0,0 +1,17 @@ +<think> +Okay, I'm trying to classify this bug report from QEMU. The user provided some logs and an explanation of what's happening when they run their test case. Let me break it down step by step. + +First, looking at the initial problem: when running with certain debug options, the stack pointer isn't what's expected. It shows 80045fe0 instead of 80045fd8. That suggests there might be an issue with how the stack is being managed or something related to memory addressing. + +Then, when they run with additional options including -singlestep, they notice that certain instructions aren't executed as expected. Specifically, the linkw and movel instructions are skipped, and instead, an extra orib instruction is being executed. This is odd because those instructions should be part of the normal execution flow. + +Looking at the logs, it seems like there's a problem with how the disassembler and translator interpret certain instructions. There's a note about "Disassembler disagrees with translator over instruction decoding," which implies that QEMU's internal components aren't in agreement about what the machine code represents. That's a red flag for an issue in the way instructions are being parsed or translated. + +The fact that extra instructions appear when running in single-step mode suggests that there might be a bug in how the CPU state is handled, especially around branching or instruction fetches. Maybe the translator isn't correctly handling a specific opcode, causing it to insert incorrect operations into the execution stream. + +Also, considering the user mentioned using "-cpu m68020," this points towards an issue with the 68020 processor emulation in QEMU. The problem arises during instruction decoding and execution, which falls under how the CPU handles instructions—so it's likely related to the handling of specific opcodes or instruction sequences. + +Putting it all together: the bug report is about incorrect instruction execution (some not being run as expected, others appearing unexpectedly) due to a disagreement in the disassembler and translator. This points to an issue with how the CPU core handles instructions, specifically an error in the way certain opcodes are translated or executed. Therefore, this falls under the "instruction" category because it's about faulty instruction handling rather than syscalls or runtime errors unrelated to instruction execution. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/799 b/results/classifier/deepseek-r1:32b/reasoning/instruction/799 new file mode 100644 index 000000000..aeb146054 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/799 @@ -0,0 +1,19 @@ +<think> +Okay, I'm trying to classify this bug report for QEMU. Let's read through the description carefully. + +The problem is that TCG Optimizer crashes on an AArch64 SVE2 instruction. The error message mentions an assertion failure in do_constant_folding, specifically operation 145 which isn't recognized. + +Looking at the steps to reproduce, there's a provided assembly code snippet. The code includes various operations like mrs (move from system register), orr (bitwise OR), msr (move to system register), and so on. The critical part seems to be near the end with the instruction 'uqxtnt z11.s, z22.d'. + +I know that SVE2 stands for Scalable Vector Extension 2, which introduces new vector instructions in ARM architecture. The uqxtnt instruction is likely one of these new operations. + +In the context of QEMU's TCG (Translation Code Generation), if an unrecognized operation code (op) is encountered during optimization, it would trigger a fatal error because the optimizer doesn't know how to handle that specific opcode. Since the error message points to do_constant_folding and mentions operation 145, this suggests that the optimizer isn't aware of how to process this instruction. + +So the issue arises when QEMU tries to optimize an SVE2 instruction that's not yet handled by the TCG optimizer. This means the bug is related to processing a specific instruction in the guest code that QEMU doesn't correctly handle during translation or optimization phases. + +Therefore, the category for this bug would be 'instruction' because it's about handling a particular CPU instruction. +</think> + +The bug occurs due to an unrecognized SVE2 instruction causing TCG to crash. It's related to processing instructions. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/824 b/results/classifier/deepseek-r1:32b/reasoning/instruction/824 new file mode 100644 index 000000000..b0480b51f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/824 @@ -0,0 +1,11 @@ +<think> +Alright, so I'm looking at this problem where QEMU is producing a Translation Block error with specific instructions. The user provided an example where four instructions are involved. The first and third instructions are identical (both cmp eax, 0x6), and the second instruction seems to be the prefix of the fourth one (which is jnle 0x524). This pattern repeats with different addresses but follows the same structure. + +First, I need to understand what's going on here. The fact that instructions are repeating suggests there might be an issue in how QEMU is translating or executing these instructions. Maybe it's a bug in the translation process where certain conditions cause the same instruction to be added multiple times incorrectly. + +Looking at the categories provided: instruction, syscall, runtime. Since the problem seems to involve specific assembly instructions being handled improperly by QEMU, I think it might fall under the "instruction" category. The issue doesn't seem to relate directly to system calls or general runtime errors but rather how individual instructions are processed and translated. + +I should consider whether this is an error in how the emulator handles certain opcodes or instruction sequences. The repeated cmp and jnle could be causing a loop or incorrect branching, leading to translation block issues. Therefore, it's likely related to how QEMU translates these specific instructions, making "instruction" the appropriate category. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/826 b/results/classifier/deepseek-r1:32b/reasoning/instruction/826 new file mode 100644 index 000000000..768952978 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/826 @@ -0,0 +1,15 @@ +<think> +Okay, so I need to classify this bug report under one of three categories: instruction, syscall, or runtime. Let's break it down. + +The problem is about an SVE2 LDNT1SB instruction causing a data abort due to an incorrect address calculation. The user provided register states and the instruction in question. From what I understand, SVE instructions handle vector operations, and this specific instruction is supposed to load data from memory using both vector and scalar components. + +The report mentions that QEMU's implementation for LDNT1SB was simply redirecting to the LD1SB handler. But LDNT1SB uses a different addressing mode (vector plus scalar) compared to LD1SB, which might be using a scalar plus vector approach. The incorrect handling by the LD1SB handler would mean it calculates the address wrong, leading to an invalid memory access and thus a data abort. + +Since the issue is directly related to how the CPU instruction is being executed—specifically, how the address is calculated during a load operation—it's clear that this is an error in processing the instruction itself. It's not about system calls (syscall) or general runtime errors unrelated to specific instructions. The problem lies within QEMU's handling of the LDNT1SB instruction. + +Therefore, the appropriate category for this bug report should be "instruction". +</think> + +The bug report discusses a problem with how the `ldnt1sb` instruction is handled in QEMU, specifically an incorrect address calculation leading to a data abort. This falls under issues related to instruction execution. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/837 b/results/classifier/deepseek-r1:32b/reasoning/instruction/837 new file mode 100644 index 000000000..a9ee077af --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/837 @@ -0,0 +1,15 @@ +<think> +Alright, let's try to figure out how to classify this bug report for QEMU. The user is reporting an issue where the `icebp` instruction (opcode 0xF1) isn't behaving correctly when run under QEMU. On bare metal Linux, it raises a `SIGTRAP`, but in QEMU, it results in a `SIGILL`. + +First, I need to understand what each of these signals means. `SIGTRAP` is typically raised by debug exceptions or breakpoints, which makes sense for the `icebp` instruction since it's used for debugging purposes. On the other hand, `SIGILL` indicates an illegal instruction, meaning that the system doesn't recognize the instruction being executed. + +Looking at the code provided, the user compiles a small program that uses the `icebp` instruction and then either exits or performs a syscall. When run directly on hardware (bare metal), it correctly triggers a `SIGTRAP`, which is expected because `icebp` generates a debug exception (#DB). However, when running under QEMU, it incorrectly raises an illegal instruction signal instead. + +Now, considering the possible categories: instruction, syscall, or runtime. The issue here seems to be related to how QEMU handles specific instructions. Since the problem arises from executing the `icebp` opcode and not processing it correctly, it's likely a fault in how QEMU decodes or emulates this particular instruction. + +Therefore, the bug is probably under the 'instruction' category because it pertains to the incorrect handling of an x86 instruction by QEMU. The fact that it raises an illegal instruction instead of a trap indicates a problem with the emulation of that specific opcode. +</think> + +The bug report concerns the incorrect handling of the `icebp` instruction in QEMU, leading to an improper signal being raised. This is categorized under instruction processing. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/890 b/results/classifier/deepseek-r1:32b/reasoning/instruction/890 new file mode 100644 index 000000000..aeb9a1483 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/890 @@ -0,0 +1,18 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report about QEMU. The issue mentioned is "Misinterpretation of arm neon invalid insn." So, let's break that down. + +First, Neon refers to ARM's SIMD (Single Instruction Multiple Data) architecture, which is used for parallel processing in applications like media encoding and decoding. So the problem seems to be related to how QEMU handles certain ARM Neon instructions. + +The term "invalid insn" suggests that there's an instruction being processed that isn't valid or isn't handled correctly. If QEMU misinterprets this, it could lead to incorrect behavior when executing code on ARM architectures, especially those utilizing Neon. + +Looking at the categories provided: +- Instruction: This involves issues with how specific instructions are handled. +- Syscall: Problems related to system calls. +- Runtime: Other runtime errors not covered by the above. + +The bug report doesn't mention anything about system calls or general runtime issues. Instead, it's specifically about an invalid Neon instruction being misinterpreted. That points directly to a problem with handling a specific type of instruction. + +So, putting it all together, this seems like an issue under the "instruction" category because it's about how QEMU processes an ARM Neon instruction incorrectly. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/904308 b/results/classifier/deepseek-r1:32b/reasoning/instruction/904308 new file mode 100644 index 000000000..c2e43e42a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/904308 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. The report is about an issue found in QEMU's x86 translation code related to the BT/BTS/BTR/BTC instructions. + +Looking at the provided code snippets, it seems that there are problems with how these instructions handle the Zero Flag (ZF). Specifically, the ZF is always being set, which might not be correct according to the Intel instruction set architecture. The user mentions a fixed patch exists but isn't providing it here. + +The bug report discusses issues in the way QEMU's x86 emulator translates and executes these bit manipulation instructions. It points out that the Zero Flag (ZF) is always being set, which isn't accurate for all cases of these operations. For example, BT checks a specific bit; if that bit is 0, ZF should be set to 1, otherwise, it remains 0. If QEMU incorrectly sets ZF regardless of the operation's outcome, this would cause incorrect behavior in emulated programs. + +Since the issue revolves around how certain instructions (BT/BTS/BTR/BTC) are being handled by the emulator, leading to an incorrect state of a CPU flag, this falls under the category related to individual instructions not behaving as expected. The problem isn't with system calls or runtime errors in general but specifically with how these particular x86 instructions are emulated. + +Therefore, the correct classification should be "instruction" because it's about a specific instruction causing incorrect behavior. +</think> + +The bug report discusses an issue with specific x86 instructions (BT/BTS/BTR/BTC) incorrectly setting the ZF flag in QEMU. This is related to how these instructions are handled during translation. + +**Answer:** instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/952 b/results/classifier/deepseek-r1:32b/reasoning/instruction/952 new file mode 100644 index 000000000..3ac2b526e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/952 @@ -0,0 +1,15 @@ +<think> +Okay, I'm trying to figure out what's going on here. The user is having an issue where their program runs fine under GDB but crashes when run directly in QEMU. Specifically, they're getting a core dump because of a signal 5 (Trace/Breakpoint trap). + +Looking at the disassembly, there's a BKPT instruction at address 0xa608. I remember that BKPT is used for breakpoints and should generate a SIGTRAP when hit. But in QEMU's Linux-user mode for ARM 32-bit, this isn't handled correctly. The user mentioned they found a bug report indicating this was fixed, but it's still happening. + +They provided the GDB session where stepping through the code lands on the BKPT instruction without crashing. However, when running outside of GDB, QEMU doesn't recognize the BKPT and triggers a SIGTRAP, leading to a core dump. + +The backtrace shows that QEMU is processing pending signals, specifically signal 5 (SIGTRAP), which causes it to abort. This suggests that the issue lies in how QEMU handles the BKPT instruction when not under GDB's control. + +So, this seems like an issue with how instructions are handled by QEMU—specifically, the BKPT instruction isn't being translated into a SIGTRAP correctly in non-debugging scenarios. +</think> + +The problem arises because QEMU doesn't properly convert the BKPT instruction into a SIGTRAP signal when not debugging. This is an issue related to handling instructions. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/979 b/results/classifier/deepseek-r1:32b/reasoning/instruction/979 new file mode 100644 index 000000000..31d04d0fd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/979 @@ -0,0 +1,18 @@ +<think> +Okay, so I need to classify this bug report from QEMU into one of three categories: instruction, syscall, or runtime. Let's break it down step by step. + +The problem is about floating-point conversion functions on s390x architecture. The user noticed that some cases are broken while collecting reference files for float_convs and float_convd. They provided a diff showing the discrepancies between test outputs and references. + +Hmm, floating-point operations are handled at a low level in processors, so they often relate to how instructions are executed or interpreted by the CPU. Since s390x is an architecture with specific instruction sets, issues here could be related to incorrect handling of certain instructions during conversions. + +Looking at the categories: +- **Instruction**: Faulty instruction handling. +- **Syscall**: Errors related to system calls. +- **Runtime**: Other runtime errors not covered above. + +The issue seems more about how floating-point operations are being processed rather than a problem with system calls. It's also not just a general runtime error because it's specific to certain instructions or their implementation in the conversion functions. + +So, since it's related to the handling of floating-point conversions which likely involve specific CPU instructions and their correct execution, this falls under the instruction category. +</think> + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/984 b/results/classifier/deepseek-r1:32b/reasoning/instruction/984 new file mode 100644 index 000000000..7453dc3c1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/984 @@ -0,0 +1,16 @@ +<think> +Alright, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue is about the QEMU emulator's handling of the `fldl` instruction specifically for i386. The user mentions that the problem arises from the `float64_to_floatx80` function not working correctly. They provided examples showing incorrect output before and after a specific commit, indicating it's related to how floating-point operations are emulated. + +Looking at the categories: +- "instruction" would apply if there was an issue with the emulator handling a particular CPU instruction incorrectly. +- "syscall" relates to issues with system calls. +- "runtime" covers other runtime errors that aren't instructions or syscalls. + +Since the problem is directly tied to how QEMU emulates the `fldl` instruction and its interaction with the FPU control word, this falls under the emulator's handling of a specific instruction. Therefore, it should be classified as an "instruction" issue. +</think> + +The bug report describes an issue with how QEMU handles the `fldl` instruction, specifically related to floating-point operations and precision control bits in the FPU control word. This is directly tied to the emulation of CPU instructions. + +**instruction** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/993 b/results/classifier/deepseek-r1:32b/reasoning/instruction/993 new file mode 100644 index 000000000..4d754363c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/993 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to classify this bug report into one of three categories: instruction, syscall, or runtime. The user provided a detailed crash report from Fedora 36 involving an illegal instruction error when using flatpak. Let me break down what's happening here. + +Looking at the stack trace, the program crashes in a function called `sha512_block_data_order_avx2` within `/lib64/libgnutls.so.30`. The disassembly shows that the problematic instruction is `vzeroupper` at address `0x7f89783cbe4a`. + +I remember that `vzeroupper` is an AVX (Advanced Vector Extensions) instruction used to zero out the upper bits of YMM registers. This instruction is part of the x86-64 instruction set and is typically used when transitioning between scalar and vector operations to avoid undefined behavior. + +The error occurs because the CPU doesn't recognize `vzeroupper` as a valid opcode, which suggests that either the CPU doesn't support AVX instructions or the code isn't checking for AVX support before using these instructions. Since the bug report mentions Fedora 36, it's possible that the system in question has an older CPU without AVX support. + +So, the issue revolves around an instruction (`vzeroupper`) being executed on a system where it's not supported. This falls under the category of an invalid or faulty instruction. It's not related to a syscall error or a runtime issue like memory management; instead, it's about using an unsupported CPU instruction. + +Therefore, I classify this bug as part of the "instruction" category. +</think> + +The bug is caused by an invalid CPU instruction being executed on a system that doesn't support it, specifically `vzeroupper`. This falls under the category of an instruction-related issue. + +instruction \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/instruction/998 b/results/classifier/deepseek-r1:32b/reasoning/instruction/998 new file mode 100644 index 000000000..62c205d00 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/instruction/998 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report under one of the given categories: instruction, syscall, or runtime. The problem involves QEMU not handling the SCTLR_EL1.BT0 bit correctly in user mode, which causes an incorrect signal when running a specific program. + +Looking at the code provided, it seems the issue arises because PACIASP is acting as a BTI landing pad but under certain conditions, such as when SCTLR_EL1.BT is set. The test program expects a SIGILL if everything is correct, otherwise a SIGSEGV. This implies that the problem is related to how instructions are being handled in QEMU. + +The error occurs during runtime when executing specific instructions, particularly around indirect branches and BTI (Branch Target Identification) handling. Since it's about instruction execution and exception handling rather than system calls or general runtime errors, I think this falls under the 'instruction' category. +</think> + +The issue is related to how certain instructions are handled by QEMU, specifically involving BTI and PACIASP. The bug arises from incorrect handling of these instructions during execution. + +(instruction) \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1033 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1033 new file mode 100644 index 000000000..3824e028a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1033 @@ -0,0 +1,13 @@ +<think> +Okay, so I need to figure out what category this bug falls into. The problem is that when running fakeroot under qemu, it fails with an error about semop(1) not being implemented. From the description, it looks like someone tried to fix a similar issue in another bug report but is still having problems. + +The user mentions they built qemu from the latest git repo, which should include the previous fix. They set up an schroot environment for arm architecture and run fakeroot as part of building a package. The error occurs during this process. + +So, looking at the possible categories: instruction, syscall, runtime. The error message specifically mentions 'semop(1): encountered an error: Function not implemented'. Semop is a system call used for semaphore operations. Since it's saying the function isn't implemented, that points to a problem with how qemu handles syscalls. + +Therefore, this issue relates to a problem during a system call within qemu. So the category should be 'syscall'. +</think> + +The bug report discusses an error with the semop syscall not being implemented in qemu. This indicates a problem with handling system calls. + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1054831 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1054831 new file mode 100644 index 000000000..7fec8da36 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1054831 @@ -0,0 +1,31 @@ +<think> +Okay, I'm trying to help classify this bug report related to QEMU. Let me go through it step by step. + +So, the user is setting up a sparc chroot on a Debian x86-64 host system. They followed the usual steps: creating a directory, using debootstrap with --foreign for sparc architecture, copying the qemu-sparc32plus-static binary into the chroot's /usr/bin, and then trying to run the second stage of debootstrap inside the chroot. + +When they execute the command `sudo chroot sparc/ /usr/bin/qemu-sparc32plus-static /bin/bash`, it seems to work initially. But when running `/debootstrap/debootstrap --second-stage`, they encounter an error: `bash: fork: Invalid argument`. + +The user mentioned that this process works perfectly for armhf, but not for sparc32plus. They're using the current QEMU git HEAD at commit 93b65997. + +I need to figure out what's causing this issue and classify it under one of the given categories: instruction, syscall, or runtime. + +First, I should understand what "fork: Invalid argument" means. The fork() system call is used by a process to create a new child process. If fork returns an error like "Invalid argument", that suggests something's wrong with how the process is trying to fork. + +Looking deeper, when using QEMU user mode (like qemu-sparc32plus-static), it translates system calls from the guest architecture (sparc) to the host's (x86-64). If there's a problem in this translation layer, especially around system calls like fork, that could cause such errors. + +In this case, since armhf works fine but sparc doesn't, it points towards an issue specific to how QEMU is handling sparc32plus syscalls. Maybe the implementation of fork() isn't correctly handled for sparc in QEMU user mode. + +So, considering the categories: + +- **Instruction**: This would relate to a faulty instruction being executed. But here, the error is about a system call (fork) failing. + +- **Syscall**: Since the problem occurs at the syscall level with fork(), this seems relevant. The issue might be in how QEMU translates or handles the fork() call for sparc32plus. + +- **Runtime**: This could cover other runtime errors, but since it's specifically a system call failure, 'syscall' is more precise. + +Therefore, I think the category here is 'syscall'. +</think> + +The error occurs during a system call (fork), indicating an issue with how QEMU handles this syscall for sparc32plus. + +syscal \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1066909 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1066909 new file mode 100644 index 000000000..c92b37018 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1066909 @@ -0,0 +1,18 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU's microblaze emulator having an issue with CLONE_THREAD. The user is saying that when they use CLONE_THREAD, the new process starts at the system call instruction instead of the next one, causing threads to multiply and crash quickly. + +First, I need to understand what category this falls under: instruction, syscall, or runtime. + +The bug is related to how QEMU handles the clone system call specifically for creating threads on microblaze. The problem isn't about executing an incorrect instruction but rather about the behavior of a system call (clone) not working as expected. So it's more than just a faulty instruction; it's about the handling of a syscall. + +Looking at the possible categories: +- Instruction: Faulty instructions, which doesn't seem to be the case here. +- Syscall: Errors related to how system calls are handled. +- Runtime: Other runtime errors not covered by the above two. + +Since the issue is specifically with the clone syscall and how it's emulated, leading to incorrect thread creation behavior, this falls under 'syscall'. +</think> + +The bug report describes an error in handling the CLONE_THREAD system call within QEMU's microblaze emulator. It's a problem with the syscall emulation rather than an instruction or general runtime issue. + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1075272 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1075272 new file mode 100644 index 000000000..f212b4169 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1075272 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm looking at this bug report about QEMU and socket type mapping issues for MIPS app-level emulation. The user is saying that when an application makes a socket call like socket(AF_INET, SOCK_STREAM, IPPROTO_TCP), it ends up using SOCK_DGRAM instead, which causes an error. + +The problem arises because in the do_socket function within syscall.c, there's a remapping happening to handle how MIPS permutes socket types. However, this remapping doesn't account for additional flags like SOCK_NONBLOCK or SOCK_CLOEXEC that might be OR'ed with the type. So when these flags are present, they interfere with the permutation logic, leading to incorrect socket calls and errors. + +I need to classify this bug into one of three categories: instruction, syscall, or runtime. + +First, considering "instruction" would mean it's about a specific CPU instruction being handled incorrectly. But here, the issue is about system calls and their parameters, not about executing an instruction. + +Next, looking at "runtime", which covers errors that happen during execution but aren't necessarily related to syscalls or instructions. However, the problem described is directly tied to how a syscall (socket) is being handled. + +The third option is "syscall", which refers to issues with system calls. Since the bug report discusses incorrect handling of socket types in the do_socket function, which processes the socket syscall, this seems like it fits under the syscall category. + +Therefore, the appropriate classification for this bug should be "syscall". +</think> + +The issue pertains to how QEMU handles the socket system call parameters, specifically failing to account for certain flags when remapping socket types. This falls under incorrect handling of a system call. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1075339 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1075339 new file mode 100644 index 000000000..0b29cbb81 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1075339 @@ -0,0 +1,19 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report about QEMU's setsockopt handling. The user mentioned that when using Linux-user emulation in QEMU, the setsockopt function ignores the optlen argument. Instead, it treats the argument as a 4-byte integer. This is causing issues because some socket options, like timeouts, require larger structures such as timeval which can be 8 or 16 bytes depending on the word size. + +So, I need to determine whether this bug falls under the 'instruction', 'syscall', or 'runtime' category. Let's break it down: + +1. **Instruction Category**: This would involve issues with specific CPU instructions or assembly-level problems. The report doesn't mention any instruction-level errors, so probably not this one. + +2. **Syscall Category**: This relates to issues with system calls in the operating system. Since setsockopt is a system call and the problem is about how QEMU handles it during emulation, especially ignoring optlen and incorrectly treating the argument as a 4-byte int, this seems relevant. The issue is about handling a specific syscall parameter improperly. + +3. **Runtime Category**: This would cover other runtime errors not related to instructions or syscalls. While the bug does cause runtime problems (like incorrect timeouts), the root cause is in how the syscall is handled by QEMU's emulation layer. + +Considering that the problem directly involves the setsockopt system call and its arguments, it makes sense to classify this under 'syscall'. The issue arises from improper handling of the syscall parameters during emulation. +</think> + +The bug report discusses an issue with the `setsockopt` system call in QEMU's Linux-user emulation. It incorrectly handles the `optlen` argument by treating it as a 4-byte integer, which causes problems for socket options requiring larger data structures like `timeval`. This directly relates to how the syscall is implemented and handled. + +**syscall** + +The bug pertains to incorrect handling of a system call parameter in QEMU's emulation. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/122 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/122 new file mode 100644 index 000000000..0f57695a2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/122 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report for QEMU. The issue mentioned is "linux-user does not check PROT_EXEC". Let me break it down. + +First, I remember that QEMU has different modes, including user mode emulation (linux-user) which allows running binaries from one OS on another. So the problem is in that part of QEMU. + +The term PROT_EXEC refers to a memory protection flag used in syscalls like mmap or mprotect. It allows execution of code in that memory region. If linux-user isn't checking this, it might lead to security issues because it could allow executing unauthorized code. + +Now, looking at the categories: instruction, syscall, runtime. This issue is about how QEMU handles PROT_EXEC in user mode. It's more about how the emulation interacts with system calls and memory protections rather than a specific instruction or runtime error elsewhere. + +So, the problem relates to syscalls and how they're handled. Therefore, it falls under 'syscall'. +</think> + +The bug report pertains to the handling of PROT_EXEC within the linux-user mode of QEMU, which affects how system calls related to memory protection are managed. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/127 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/127 new file mode 100644 index 000000000..283b562f6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/127 @@ -0,0 +1,18 @@ +<think> +Okay, I'm looking at this bug report for QEMU that says "linux-user missing cmsg IP_PKTINFO support ('Unsupported ancillary data: 0/8')". The user is asking me to classify this bug into one of three categories: instruction, syscall, or runtime. + +First, I need to understand what the issue is. Ancillary data in networking refers to additional information that can be sent along with a message, such as source routing or packet info. In Linux, IP_PKTINFO is used to get information about the incoming packet's interface and address. + +The error message suggests that when trying to handle this ancillary data, QEMU is encountering an unsupported case. Specifically, it's not handling cmsg (control messages) related to IP_PKTINFO. Since this relates to how network packets are processed, especially their metadata, it's likely a system call issue because socket operations involve syscalls like recvmsg which deal with control messages. + +Looking at the categories: +- Instruction: This would relate to specific CPU instructions or assembly code errors, which doesn't seem to be the case here. +- Syscall: Errors related to how system calls are handled. Since this involves networking and ancillary data, which is part of socket syscalls, this seems relevant. +- Runtime: General runtime errors not tied to a specific instruction or syscall. + +Given that the issue is about handling control messages during socket operations, it's more aligned with a syscall error because QEMU might be mishandling how these system calls are implemented in its user-mode emulation. Therefore, the category should be 'syscall'. +</think> + +The bug report pertains to handling ancillary data during socket operations, which involves system calls. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1394 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1394 new file mode 100644 index 000000000..7084e41ec --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1394 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue is about getresuid() returning incorrect uid values when run in a big-endian sparc64 guest under QEMU. The user provided an example where UID 0x000003e8 becomes 0x03e80000, which looks like a byte-swapping issue. + +From the steps to reproduce, they're compiling and running code that uses getresuid(). They mention it doesn't happen outside QEMU, so it's likely related to how QEMU handles something. The problem occurs when calling getresuid(), which is a system call. + +Looking at possible causes: since this affects a system call, it might be an issue in how QEMU translates or handles that particular syscall. Alternatively, maybe the glibc implementation within QEMU isn't handling endianness correctly, but since they mention it's part of QEMU, I should focus there. + +So, considering the problem is with getresuid(), which is a syscall, and the error occurs in the context of QEMU emulating that call. Therefore, this falls under the 'syscall' category because the issue arises when making a system call within the emulator. +</think> + +The bug report describes an incorrect handling of the getresuid() system call, leading to byte-swapping issues. This is related to how the syscall is implemented or translated by QEMU. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1416988 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1416988 new file mode 100644 index 000000000..4658b4ca4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1416988 @@ -0,0 +1,17 @@ +<think> +Okay, so I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let's break it down step by step. + +The user is experiencing issues when running GCC tests under qemu-aarch64. The problem seems to be related to signal handling, specifically a segmentation fault and infinite loops in certain test cases. They noticed that the sizes of siginfo structures between the Linux kernel and QEMU differ: 136 vs. 128 bytes. + +The user identified that the issue arises from an incorrect definition of TARGET_SI_PAD_SIZE in QEMU's syscall_defs.h. In the kernel, this is calculated as (SI_MAX_SIZE - __ARCH_SI_PREAMBLE_SIZE) divided by sizeof(int), which for Aarch64 is 4 * sizeof(int). So the padding size would be adjusted accordingly to fit within SI_MAX_SIZE. + +In contrast, QEMU currently defines TARGET_SI_PAD_SIZE as (TARGET_SI_MAX_SIZE / sizeof(int)) - 3. This leads to a larger pad than necessary because it doesn't account for the preambles correctly, causing the structures to be misaligned and mismatched between host and target. + +This seems to affect how signals are handled when running user space applications under QEMU. Since it's about handling signals, which involves system calls (like sigreturn or rt_sigreturn), I think this falls under a syscall issue because the problem occurs during signal processing, which relies on syscalls for communication between userland and the kernel. + +So, putting it all together, the bug is related to how QEMU handles system calls involving signal information structures. The incorrect padding size leads to ABI incompatibility, causing segmentation faults when applications try to use these signals. Therefore, this should be classified under 'syscall'. +</think> + +The issue stems from a miscalculation of the pad size for siginfo structures in QEMU's syscall handling, leading to an ABI mismatch with the Linux kernel. This affects signal processing and is related to system calls. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1643619 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1643619 new file mode 100644 index 000000000..3472a039a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1643619 @@ -0,0 +1,17 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report as either an instruction, syscall, or runtime issue within QEMU. + +The problem described is that netlink is broken on big-endian MIPS when using qemu-user. The user ran 'ip route' in a Debian chroot and it hung. They provided strace output showing that the process was waiting for a netlink response which never came. + +Looking at the strace, I see that the sendto call includes a buffer with len=671088640, which is 0x28000000 in hex. This looks like it's been byteswapped because on big-endian systems, byte order matters differently than on little-endian. The user mentioned that by removing the call to fd_trans_unregister in do_syscall for NR_socket, the issue was fixed. + +The bug seems related to how file descriptors are being translated or handled when making syscalls. Specifically, after creating a socket (which is a syscall), the code immediately unregisters the translation of the file descriptor. This could cause issues if other parts of the system expect that translation to still be in place for subsequent operations like sendto. + +So this isn't an instruction-level bug because it's not about specific CPU instructions or assembly code. It's also not a runtime issue in the sense of general execution problems. Instead, it's about how syscalls (in this case, socket) are being handled and their related file descriptor translations. The problem arises from the way the system calls interact with the file descriptors, specifically when dealing with endianness. + +Therefore, the category should be 'syscall' because it relates to errors in handling system calls within QEMU. +</think> + +The bug is classified under 'syscall' as it involves an error related to system call handling, particularly with file descriptor translations and netlink communication on big-endian MIPS. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1673976 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1673976 new file mode 100644 index 000000000..035e5d3e9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1673976 @@ -0,0 +1,23 @@ +<think> +Okay, so I need to figure out how to classify this bug report into one of the three categories: instruction, syscall, or runtime. Let's break down what the problem is here. + +The user is running locale-gen inside an armv7h chroot on their x86_64 desktop using qemu-arm-static. They've been doing this successfully for years but started having issues in the last few months, possibly after updating to QEMU 2.8. The error they're encountering is a core dump from localedef, which says there's an assertion failure in glibc's spawni.c file at line 360: `__spawnix: Assertion 'ec >= 0' failed.` + +The first thing I notice is that the issue involves using qemu to run an ARM binary on an x86_64 system. The problem arises during a locale generation process, which suggests it's related to how the environment or binaries are being handled within the chroot. + +Looking at the error message, it points to glibc's posix_spawn function having an assertion failure. Specifically, `ec >= 0` is failing, meaning that some value expected to be non-negative isn't, causing the program to abort. + +Now, considering the possible categories: + +1. **Instruction**: This would involve issues with specific machine instructions not being handled correctly by QEMU. If QEMU was mis-emulating an ARM instruction, that could cause problems. However, the error here is about a system call failure in glibc, which is more about how the process is being spawned. + +2. **Syscall**: Errors related to system calls would involve issues with how QEMU translates or handles system calls from the guest environment to the host. Since posix_spawn involves making system calls (like spawn), if QEMU isn't handling them correctly, that could cause such an error. + +3. **Runtime**: This category covers other runtime errors not specifically tied to instructions or syscalls. However, in this case, it seems like a specific issue with how processes are spawned, which ties back into system call handling. + +Given the context, the problem is likely due to how QEMU handles the posix_spawn syscall when running armv7h binaries on an x86_64 host. The assertion failure suggests that the environment or arguments passed during the spawn are incorrect, possibly because QEMU isn't correctly emulating or translating the necessary system calls for this operation. + +Therefore, I would classify this issue under **syscall** because it's related to how system calls, specifically posix_spawn, are handled by QEMU in the emulation process. +</think> + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1701973 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1701973 new file mode 100644 index 000000000..722d0e01f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1701973 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm looking at this bug report where pread isn't working correctly under qemu-sh4. Let me try to understand what's going on here. + +First, the user provided a test program that uses the pread system call. When they run it under qemu-sh4 version 2.9.0, instead of getting ret=1 with errno=0 as expected, they're getting ret=0 and errno=2. This is causing an assertion failure because the code expects ret to be 1. + +I know that pread is a system call used for reading from a file descriptor at a specific position without updating the file pointer. So, if it's returning 0 instead of 1, something's wrong with how many bytes were read or perhaps an error occurred. + +The error number 2 corresponds to ENOENT, which usually means "No such file or directory." But in this context, since we're using a file descriptor, maybe the issue isn't about the file not existing but rather some problem in handling the pread call itself. + +Looking at the steps provided: they compile the program with static linking and run it under qemu. The fact that the program is statically linked might mean that it's using its own C library, which could affect how system calls are handled by qemu. + +The possible categories to classify this bug are instruction, syscall, or runtime. Since pread is a system call and the issue arises when calling it, it seems like the problem lies in how qemu handles this particular syscall. Maybe there's an incorrect implementation of the pread function in qemu-sh4, leading to the wrong return value and error code. + +I don't see any mention of faulty instructions or other runtime errors beyond the syscall failure. So, the most fitting category here is 'syscall' because it's directly related to how the system call is processed by the emulator. +</think> + +The bug report describes an issue with the pread system call returning incorrect values under qemu-sh4, which falls under handling of a system call. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1729 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1729 new file mode 100644 index 000000000..1431a9efa --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1729 @@ -0,0 +1,18 @@ +<think> +Okay, so I need to figure out how to classify this bug report as either 'instruction', 'syscall', or 'runtime'. Let's break it down step by step. + +The problem occurs when running a 32-bit program on a 64-bit host using qemu-user-static. The issue is with the `mremap` function in the musl-libc library. Specifically, when `pthread_getattr_np` is called, it enters an infinite loop because `mremap` keeps failing with `EFAULT`. + +Looking at the code snippet provided, the while loop in `pthread_getattr_np.c` uses `mremap` and checks if it returns `MAP_FAILED` due to `ENOMEM`. The problem arises when `mremap` fails for a different reason, causing the loop to repeat indefinitely. + +The key points here are: +1. It's related to a system call (`mremap`). +2. The failure is due to an error condition (`EFAULT`) that isn't properly handled. +3. This issue happens at runtime when the program is executed under qemu-user-static. + +Since `mremap` is a syscall, and the problem stems from how it's being handled or called, the category should be 'syscall'. It's not about an incorrect instruction or a general runtime error but specifically about a syscall failing unexpectedly. +</think> + +The bug report involves an issue with the `mremap` system call causing unexpected behavior when running under qemu-user-static. The problem arises from how the syscall is being handled, leading to an infinite loop. + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1734792 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1734792 new file mode 100644 index 000000000..9f9372355 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1734792 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. The issue is that QEMU isn't supporting the memfd_create syscall, resulting in an error when a userspace application uses it. + +First, looking at what each category entails: + +- **Instruction**: This would involve issues with how instructions are handled by the CPU emulator in QEMU. For example, if a specific instruction causes a problem. +- **Syscall**: This relates to system calls that the guest OS makes which aren't properly handled by QEMU's user mode emulation. +- **Runtime**: Covers other runtime errors not related to instructions or syscalls. + +The bug report mentions that memfd_create is failing with an error "Unsupported syscall: 319". The number 319 corresponds to the syscall number for memfd_create in Linux. Since this is a system call issue where QEMU doesn't support it, the problem falls under the syscall category. + +So, the classification should be 'syscall' because it's about handling a specific system call that isn't implemented. +</think> + +The bug report describes an issue with QEMU not supporting the memfd_create syscall, which is a system call error. + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1760 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1760 new file mode 100644 index 000000000..8be0f305c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1760 @@ -0,0 +1,22 @@ +<think> +Okay, I'm trying to classify this bug report about qemu8-i386 not handling the mmap syscall correctly for 32-bit applications. Let me go through the details step by step. + +First, the problem occurs when running an oldmmap program under QEMU. The strace output shows that the correct arguments are being passed to the mmap system call, but QEMU's -strace is showing different and incorrect arguments. For example, in the user's example, strace reports mmap with NULL as the address, 8192 bytes, etc., while QEMU reports something like 0x40800058 as the first argument. + +Looking at the code provided, the oldmmap.S file uses inline assembly to push the arguments onto the stack for the syscall. The order of pushing is important because syscalls in Linux traditionally use this method. So, the user's program pushes the offset (0), fd (-1), flags (MAP_PRIVATE|MAP_ANONYMOUS), protection (PROT_READ|PROT_WRITE), length (8192, which is 2<<12), and address (0) onto the stack, then sets ebx to esp pointing to this array of arguments. Eax is set to _NR_mmap (90). + +Now, in QEMU's output, it's interpreting the mmap syscall with different arguments: (0x40800058, 0, PROT_NONE, ...). This suggests that either the order of the arguments is incorrect or they're being read from the wrong place. + +The key point here is how syscalls are handled in QEMU. For i386, the old syscall convention uses eax for the number and then pushes the arguments onto the stack. However, newer methods might use different registers. But since _NR_mmap is 90, which was an older syscall number (in some contexts, it's now higher on x86_64), this implies that the code is using the i386 syscall convention. + +QEMU should correctly interpret the stack arguments when emulating the old syscalls. If QEMU isn't decoding them properly, it might be because of a bug in how it reads the stack for these specific syscalls or perhaps an issue with register handling. + +The user mentioned that this is happening on 32-bit mode, so it's not a problem related to instruction encoding but more about how system calls are parsed. Since the issue is specifically about the arguments passed to mmap (a system call), and not about executing instructions incorrectly or runtime errors elsewhere, this falls under a syscall category. + +Therefore, I classify this bug as 'syscall' because it involves incorrect handling of the system call arguments by QEMU's emulator. +</think> + +The issue arises from QEMU improperly decoding the stack-based arguments for the mmap syscall, leading to incorrect strace output. This is related to how syscalls are handled in the emulator. + +**Answer:** +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1761153 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1761153 new file mode 100644 index 000000000..61a164cac --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1761153 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to classify this bug report related to QEMU. Let me read through it carefully and understand what's going on here. + +The issue is about mmap behaving incorrectly when dealing with large files on a 64-bit host running a 32-bit executable via QEMU. The user provided a test program, `test_mmap.c`, which they compiled as a 32-bit binary. When they run it under qemu-i386, the output is "Incorrect data 1", indicating that something went wrong with the mmap operation. + +The problem seems to occur when the offset exceeds 4GiB, which makes sense because 32-bit systems can't address more than that due to their limited pointer size. So, when trying to mmap a file beyond 4GB on a 64-bit host using a 32-bit guest executable via QEMU, it's failing. + +Looking at the possible categories: instruction, syscall, runtime. The user is asking which category this bug falls into. Let me think about each possibility. + +First, "instruction" would imply that there's an issue with how specific instructions are handled by QEMU. This doesn't seem to be the case here since the problem isn't about executing a particular opcode incorrectly but rather handling file mappings. + +Next, "syscall": this relates to errors when making system calls. Mmap is indeed a system call (sys_mmap), so if QEMU is mishandling it, especially across 32/64-bit boundaries, that would fit here. The issue arises during the mmap operation, which involves handling pointers and addresses correctly between different architectures. + +Lastly, "runtime" is for other runtime errors not covered by instructions or syscalls. Since this seems tied to how system calls are emulated, especially involving address spaces and memory mappings, it's more likely a syscall issue rather than a general runtime problem. + +Putting it all together: the bug is related to QEMU's handling of mmap syscalls when the guest is 32-bit and the host is 64-bit. Therefore, this should be categorized under "syscall". +</think> + +The bug relates to how QEMU handles the mmap system call across different architectures, specifically between a 64-bit host and a 32-bit guest executable. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1783362 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1783362 new file mode 100644 index 000000000..53f2a12a9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1783362 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to classify this bug report related to QEMU. The issue is that when using mmap with len==0 on an ARM64 binary running under QEMU on an x86_64 host, it returns success (NULL, 0) instead of failure (MAP_FAILED, -1). + +First, I need to understand what the problem is. Mmap is a system call used for memory mapping files or allocating anonymous memory. According to the POSIX standard, if len is zero, mmap should return MAP_FAILED and set errno to EINVAL. But in this case, under QEMU's user emulation, it returns NULL and 0, which suggests a success, but that's incorrect. + +The user provided steps to reproduce the issue. They compiled a test program for ARM64 using a cross-compiler and ran it on an x86_64 host with QEMU-user. The program asserts that mmap should return MAP_FAILED when len is zero, but under QEMU, it doesn't, causing the assertion to fail. + +Looking at the possible categories: instruction, syscall, or runtime. + +"Instruction" would be if there was a problem with how an instruction was handled by the emulator. "Syscall" relates directly to system calls not behaving as expected, which seems to fit here because mmap is a syscall and it's returning incorrect values. "Runtime" might involve other issues during execution that aren't tied to specific instructions or syscalls. + +Since the issue revolves around how QEMU handles the mmap system call when len is zero, this points towards a problem in the syscall handling within QEMU. The bug is specifically about the behavior of mmap, which is a syscall, so it's likely categorized under "syscall." + +Additionally, the fact that running on a native ARM64 host works correctly (returns -1 and sets errno to 22) indicates that QEMU's emulation isn't correctly handling this edge case. This further supports the idea that the issue lies in how the syscall is being emulated by QEMU. +</think> + +The bug pertains to incorrect behavior of the mmap system call under QEMU when len is zero, which falls under the "syscall" category. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1805913 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1805913 new file mode 100644 index 000000000..cab4fac7f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1805913 @@ -0,0 +1,22 @@ +<think> +Okay, I'm trying to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me break it down step by step. + +The issue is that when running 32-bit user-static QEMU on a 64-bit host, the readdir() function returns NULL with errno=EOVERFLOW. From the provided code and explanation, I understand that this happens because the inode numbers returned by getdents64 (a syscall) are 64-bit values, but in a 32-bit environment, these can't fit into the 32-bit DIR* structure expected by readdir(). The glibc code is checking for this overflow and throwing EOVERFLOW. + +So, what's happening here? The problem arises when the user-space application (compiled for 32-bit) interacts with the kernel (64-bit). The QEMU emulator is supposed to handle this translation, but it's not doing so properly. Specifically, it's passing through the 64-bit inode numbers directly without converting them to a compatible 32-bit format. + +Looking at the categories: + +1. Instruction: This would relate to issues with CPU instructions or assembly-level problems. I don't think that's the case here; the problem is more about data handling between different architectures. + +2. Syscall: Since the issue involves syscalls like getdents64, which are being called from user-space into the kernel, and how their results are handled by QEMU. The problem occurs during the processing of these syscalls. + +3. Runtime: This would cover issues that happen during program execution but aren't directly tied to instruction-level or syscall handling. However, in this case, the issue is specifically about how QEMU handles a syscall result, which makes it more about syscall processing rather than a general runtime error. + +So, considering that the bug report is about QEMU not correctly translating or handling 64-bit syscalls for a 32-bit environment, especially with getdents64, this falls under the 'syscall' category. It's an issue in how QEMU manages system calls and their data when emulating a different architecture. +</think> + +The bug report is about how QEMU handles a syscall (getdents64) for a 32-bit application on a 64-bit host, leading to an EOVERFLOW error because of incompatible data types. This is categorized under 'syscall' as it involves system call handling and translation between architectures. + +**Answer:** +syscal \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1810433 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1810433 new file mode 100644 index 000000000..5fb84ffb5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1810433 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm looking at this bug report about qemu-aarch64-linux-user having inconsistent pwrite behavior. The user provided a minimal test case where they open a file, fallocate some space, and then call pwrite with buf as NULL and len as 0. They noticed that on native x86_64 and aarch64 systems, pwrite returns 0, but when running under qemu-aarch64, it returns -1 instead. + +Hmm, the first thing I need to figure out is why this discrepancy exists. Let me recall what pwrite does. According to the man page, pwrite writes up to len bytes from the buffer starting at buf into the file descriptor fd at offset off. If len is 0, then no bytes are written, but according to POSIX, it should return 0 in that case. + +Wait, so both native systems are returning 0 when len is 0, regardless of whether buf is NULL or not? That's correct behavior because writing zero bytes doesn't require accessing the buffer. So passing a NULL buffer shouldn't matter since no data is copied from it. + +Now, looking at the qemu setup: they're using the aarch64-linux-user target and the specific commit 20d6c7312f1b812bb9c750f4087f69ac8485cc90. The issue is that pwrite returns -1 in this environment, which suggests an error occurred. But according to the function's specs, it shouldn't fail when len is 0. + +I need to determine where the problem lies. Since the behavior is different from the native systems, it's likely a bug in how qemu handles the pwrite syscall for aarch64 targets. Maybe there's an issue with the emulation of the pwrite call in that specific target. + +Looking at the possible categories: instruction, syscall, runtime. The problem is about the handling of the pwrite system call returning an incorrect value under certain conditions. This points towards it being a syscall-related issue because it's how the system call is emulated that's causing the discrepancy. + +So the category should be "syscall". +</think> + +The bug report describes an inconsistency in how the `pwrite` system call is handled by `qemu-aarch64-linux-user`. The native systems return 0 when `len` is 0, while qemu returns -1. This indicates a problem with the syscall emulation. + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1837 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1837 new file mode 100644 index 000000000..a4ba1049a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1837 @@ -0,0 +1,11 @@ +<think> +Alright, I'm looking at this bug report about QEMU not supporting the IP_MULTICAST_IF socket option. The user provided a test program that uses setsockopt to try setting this option on a UDP socket under QEMU's aarch64-static environment. They're getting an error saying "Protocol not available," which suggests that the system call isn't handling this particular socket option correctly. + +First, I need to classify this bug into one of the given categories: instruction, syscall, or runtime. The issue here is with how the setsockopt system call is being handled within QEMU's user-mode emulation. The test program is using a standard system call (setsockopt) that's failing because QEMU doesn't support IP_MULTICAST_IF. + +So, this isn't an issue with an instruction execution but rather how a system call is implemented in QEMU. The problem arises during the runtime when trying to execute this specific syscall. Therefore, it falls under the 'syscall' category because the bug is related to the incorrect handling or absence of support for a particular system call within the emulator. +</think> + +The bug report pertains to an issue with how the setsockopt system call is handled in QEMU's user-mode emulation. Since the problem arises from the unsupported IP_MULTICAST_IF socket option, it falls under the category of a system call error. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1869073 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1869073 new file mode 100644 index 000000000..4d8d5dd16 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1869073 @@ -0,0 +1,25 @@ +<think> +Okay, so I'm trying to figure out why qemu-arm-static crashes with a segmentation fault when running "git clone -s". The user wants me to classify this bug as either instruction, syscall, or runtime. Let's break it down step by step. + +First, what is qemu-arm-static? It's a QEMU emulator for ARM architecture, static binary version. It allows running ARM binaries on an x86 host. In this case, the user is using it to cross-compile software via distcc, which distributes compilation tasks across multiple machines or cores. + +Now, when they run a script that uses "git clone -s", qemu crashes with a segmentation fault. Alternatively, sometimes git just hangs with 100% CPU usage. So this happens reliably every time the script tries to execute that git command under qemu-arm-static. + +Segmentation faults usually occur due to invalid memory accesses—like trying to read or write memory that the program isn't allowed to access. This could be a bug in the emulator itself, or perhaps an issue with how certain system calls (syscalls) are handled when running foreign binaries. + +Looking at the possible categories: + +1. Instruction: This would involve a specific machine instruction causing issues. For example, if a particular ARM instruction isn't handled correctly by QEMU, it could crash. +2. Syscall: Problems with how system calls are implemented or handled in the emulator. If git is making a syscall that qemu-arm-static doesn't handle properly, this could lead to crashes. +3. Runtime: Other runtime errors not directly tied to instructions or syscalls, like memory management issues. + +Since "git clone -s" uses various system calls (like network operations, file I/O), it's likely that the issue is related to how QEMU handles these syscalls when emulating ARM on an x86 host. It might be that certain syscalls aren't properly translated or handled, leading to a segmentation fault. + +Alternatively, it could be a runtime error due to incorrect memory handling within the emulator when dealing with git's operations. However, since the crash happens specifically during a syscall-heavy operation like cloning a repository, I think the issue is more likely tied to how syscalls are being processed by qemu-arm-static. + +So, putting this together, the category would most likely be "syscall". +</think> + +The issue occurs when handling system calls made by git clone, leading QEMU to crash. This points towards problems with syscall handling in the emulator. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1869241 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1869241 new file mode 100644 index 000000000..d872cd99f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1869241 @@ -0,0 +1,22 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's break down the problem step by step. + +The user is encountering an error when using svn checkout on an ARM7 system emulated via qemu-arm-static. The error message is "E000075 Can't read directory '...': Value too large for defined data type." This happens consistently during their autobuild process. + +First, I should consider what each category entails: +- **Instruction**: This would involve a problem with an individual CPU instruction. If qemu was misinterpreting or executing an ARM7 instruction incorrectly, that could cause issues. +- **Syscall**: This relates to system calls made by the emulated process. If qemu isn't handling a particular syscall correctly on the host (AMD64), it might lead to such errors. +- **Runtime**: This would be other runtime issues not directly tied to instructions or syscalls, perhaps related to memory management, resource limits, etc. + +Looking at the error message: "Value too large for defined data type." This typically occurs when a value exceeds the maximum size allowed by a variable's definition. In programming terms, this could happen if, for example, a function expects an integer but receives a larger value than it can handle. + +In the context of SVN operations, reading a directory might involve retrieving file metadata or listing entries. The error suggests that some value returned from the system is too large for what svn expects. Now, considering the emulation layer, qemu-arm-static runs ARM7 code on an AMD64 host. + +When emulating syscalls, qemu translates them between the target (ARM) and host (AMD64) architectures. If there's a mismatch in how certain values are handled during this translation—like file handles or directory descriptors being too large for what the target expects—it could cause such errors. + +So, the problem likely arises when qemu is handling syscalls related to directory operations. It might be that the emulation isn't correctly translating the sizes or types of these system calls, leading to svn receiving values it can't process. + +Therefore, this issue falls under the **syscall** category because it's related to how system calls are being handled by qemu during the emulation process. +</think> + +syscal \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1910605 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1910605 new file mode 100644 index 000000000..8d12ad635 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1910605 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out this problem where using qemu-arm-static gives an error with ioctl USBDEVFS_BULK returning -1 and EFAULT (Bad address), but it works fine with qemu-aarch64-static. The user is running on a 64-bit Intel laptop. + +First, I need to understand what's going on here. The code snippet uses ioctl with the USBDEVFS_BULK command. The struct usbdevfs_bulktransfer is being set up, and then ioctl is called. On qemu-arm-static, this returns -1 with EFAULT, which usually means a bad address was accessed. But it works fine when using qemu-aarch64-static. + +Hmm, so why would the same code work on one emulator but not another? Let's think about the differences between arm and aarch64. ARM is 32-bit, while AArch64 is 64-bit. The user is running on a 64-bit Intel machine, so when they use qemu-aarch64-static, it's emulating a 64-bit system, which might be more straightforward because the host and guest are both 64-bit. But with qemu-arm-static, it's emulating a 32-bit ARM system on a 64-bit host. + +I remember that when dealing with pointers in 32-bit versus 64-bit environments, there can be issues with how addresses are handled. Maybe the struct usbdevfs_bulktransfer is being passed incorrectly in terms of alignment or size when running under the arm emulator. + +Looking at the code, Bulk.data is assigned (void *)pData. If pData isn't correctly aligned for a 32-bit pointer, or if there's an issue with how the data is copied between host and guest memory spaces, that could cause EFAULT. Another possibility is that the struct itself might have padding differences between 32-bit and 64-bit architectures, leading to misaligned data when passed into ioctl. + +Also, considering that qemu-arm-static is a user-mode emulator, it's possible there are issues with how syscalls like ioctl are handled in different modes (arm vs. aarch64). Maybe the syscall expects certain parameters or structures to be laid out differently for 32-bit compared to 64-bit, and in this case, the arm version isn't handling it correctly. + +So, putting this together, the issue seems related to how the ioctl system call is being handled by qemu-arm-static. It's causing a bad address error because of pointer or struct alignment issues specific to the 32-bit emulation on a 64-bit host. This points towards a syscall-related problem rather than an instruction-level fault or a runtime error elsewhere. + +Therefore, the category should be 'syscall' because it's related to how the ioctl system call is being executed and handled within the qemu-arm-static environment. +</think> + +syscalls are involved in handling the ioctl command, leading to the EFAULT error. The issue arises from differences in pointer alignment between 32-bit and 64-bit environments. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/1926521 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1926521 new file mode 100644 index 000000000..5a8c91e73 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/1926521 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU. The issue is that when an application uses MADV_DONTNEED, QEMU isn't handling it correctly. Let me break down what's happening here. + +The user provided code where they map a page with MAP_PRIVATE | MAP_ANONYMOUS, which means it's private and anonymous—so changes won't be reflected in any file. They write 'A' to the first byte of this mapped area. Then they call madvise with MADV_DONTNEED on that region. + +According to the man pages, after MADV_DONTNEED, accessing those pages should result in either reloading from a file (for shared mappings) or zero-filled pages for private anonymous mappings. In this case, since it's MAP_PRIVATE and anonymous, any access should get zeros because the OS can just drop the pages and refill them on next access with zeros. + +In the code, after calling madvise, they assert that *P is 0. On the host system, this works as expected, but when run under QEMU, it fails, meaning *P isn't zeroed out, causing an assertion failure. + +Looking at the QEMU code, in the syscall.c file, there's a comment saying MADV_DONTNEED is ignored because it's a hint. So QEMU just returns success without doing anything, which explains why the memory isn't cleared as expected. + +So this issue is about how QEMU handles a specific system call—madvise with MADV_DONTNEED. Since it's not correctly implementing the expected behavior of the madvise syscall, it falls under a syscall error category. +</think> + +The bug report pertains to an incorrect handling of the `madvise` system call in QEMU when processing the `MADV_DONTNEED` advice, leading to unexpected memory behavior. + +**Answer:** The given bug is classified as a **syscall** issue. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/2101 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2101 new file mode 100644 index 000000000..71d81c4a2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2101 @@ -0,0 +1,23 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The user is running `qemu-x86_64` on an aarch64 platform and executing the 'ls' command. They're getting incorrect results when they run it. The steps involve copying the ls binary and its dependencies from x86_64 to aarch64, then using qemu to execute it. + +Hmm, so what's happening here? Since they're using QEMU to emulate an x86_64 environment on an aarch64 host, any issues could be related to how the emulator is handling system calls or instructions from the binary. + +The problem occurs when executing 'ls -l /'. The expected behavior is for ls to list the root directory's contents correctly. If it's giving wrong results, maybe it's not reading the filesystem properly or there's an issue with how QEMU is handling file operations. + +I should consider possible causes. One possibility is that the system calls made by 'ls' are not being translated correctly by QEMU. For example, if certain syscalls aren't handled properly in the emulator when running on aarch64, that could lead to incorrect outputs. Alternatively, it might be an issue with how QEMU handles the file descriptors or directory listings. + +Another angle is whether the dependencies of 'ls' are correctly set up. If any shared libraries required by 'ls' aren't present or are incompatible in the x86_64 root directory on the aarch64 host, that could cause unexpected behavior. But the user mentioned copying all necessary so files, so perhaps that's not the issue. + +Looking at the categories: instruction issues would relate to specific CPU instructions not being emulated correctly. Syscall issues would be about system calls failing or returning incorrect data. Runtime errors are more general and happen during execution but aren't tied to a specific cause like syscalls or instructions. + +In this case, since 'ls' is relying on the filesystem operations which involve syscalls like readdir, open, etc., it's likely that QEMU isn't correctly translating these syscalls when running in an emulated environment. If those syscalls aren't handled properly, the output from 'ls' would be wrong. + +Therefore, the most probable category is "syscall" because the issue seems to stem from incorrect handling of system calls made by the x86_64 binary on the aarch64 host via QEMU. +</think> + +The issue likely arises from how QEMU handles system calls for file operations in an emulated environment. Incorrect syscall translation could cause 'ls' to produce wrong results. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/2122 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2122 new file mode 100644 index 000000000..87c5b4bae --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2122 @@ -0,0 +1,15 @@ +<think> +Alright, I'm looking at this bug report about QEMU-user-static causing a segfault when running ldconfig on an x86_64 host with an arm64 client. The user provided steps to reproduce: downloading an Ubuntu Jammy arm64 rootfs, mounting it with /proc from the host, and then executing an apt uninstall that triggers libc-bin processing. + +Hmm, I need to classify this bug into one of three categories: instruction, syscall, or runtime. Let me think about each category. + +"Instruction" would involve a specific faulty command or instruction in the code causing the issue. "Syscall" relates to errors when interacting with system calls. "Runtime" is for other runtime errors that don't fall into the first two. + +In this case, the segfault occurs during the execution of ldconfig via apt processing. Since it's happening while running a process on the emulated arm64 environment, and given that QEMU-user-static handles CPU emulation, it's likely a problem with how system calls are being handled between the host and guest architectures. + +So, I think this is related to syscalls because ldconfig might be making certain system calls that aren't being translated correctly by QEMU. Therefore, the category should be "syscall." +</think> + +The bug occurs during system call handling between the host and guest architectures when running ldconfig via apt. This points to a syscall-related issue. + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/2248 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2248 new file mode 100644 index 000000000..1098b622f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2248 @@ -0,0 +1,642 @@ +<think> +Okay, so I'm looking at this bug report about QEMU-aarch64 giving the wrong result when executing some AArch64 code. The correct output should be -1, but instead it's getting 0x3fffffffffffffff, which is a positive number. Hmm. + +The user provided C and assembly code. In main(), they call callme() with arguments (0,0,0,1,2). Let me look at the assembly for callme: + +callme: +- Compare x2 and x3 (which are 0 and 1 in this case) +- cset x12 to lt (so if x2 < x3, set x12. Since 0 <1 is true, x12 becomes 1?) +Wait, but wait: the arguments passed are a=0, b=1, c=2. So x2 is a (0), x3 is b (1). So cmp x2, x3 is comparing 0 and 1. + +cset x12 to lt, so if x2 < x3, which it is, x12 becomes 1. + +Then, and w11, w12, #0xff. Wait, but x12 is a 64-bit register; when we do 'and' with w12, are we only using the lower 32 bits? Because w12 refers to the lower word of x12. + +Wait, in AArch64, when you use a W register (like w12), it's the lower 32 bits of X12. So if x12 is all ones for some reason, but here it was set by cset to lt, which would set x12 to 0 or -1? Wait no: in AArch64, 'cset' with a condition sets the register to 1 if the condition is true, else 0. So x12 should be 1 after cset. + +Then and w11, w12, #0xff: so w12 is lower 32 bits of x12 (which is 0x00000001). Anding with 0xff gives w11 as 0x1. + +Next, cmp w11, #0x0: since it's 1, the condition is true for 'ne'. Then csetm x14, ne. So x14 is set to -1 (because csetm sets it to all ones if the condition is met). So x14 becomes 0xffffffffffffffff. + +Then lsr x13, x14, x4: x4 is argument 'c' which is 2. So shifting right by 2 bits. Shifting a 64-bit value of -1 (all ones) right arithmetically would still be all ones, but wait no: in AArch64, lsr is logical shift right, so it fills with zeros. Wait no, the instruction is 'lsr' which is logical shift right, not arithmetic. + +Wait, x14 is 0xffffffffffffffff (all ones). Shifting logically right by x4=2 gives x13 as 0x0000000000000003. Wait no: shifting all ones (which is -1 in two's complement) with lsr would give a large number, but let me think: + +Wait, when you do lsr on a negative number, like x14 is 0xffffffffffffffff, which is -1 in two's complement. Shifting it logically right by 2: each shift right for a logical operation fills the high bits with zeros. So after two shifts, x13 would be 0x00000000000000ff shifted right twice? Wait no, I'm getting confused. + +Wait, let's think in binary. x14 is all ones: 64 bits of 1s. Shifting logically right by 2 positions would move each bit to the right by two places, and fill the left with zeros. So after shifting, we'd have: + +0b111...111 >> 2 (logical) → but wait, for a logical shift, it's like an unsigned shift, so the result is 0x3 followed by 62 zeros? Wait no: shifting 64 bits of all ones right by two positions would give us 0x3 in the lower bits and zeros above. So x13 becomes 0x3. + +Wait, let me calculate it: + +Original x14 is -1 (all ones). lsr x13, x14, #2: so each bit is shifted right by two positions with zero fill on the left. So for a 64-bit value, shifting all ones right by two gives us 0x3 followed by zeros. + +Wait no: Wait, 0xffffffffffffffff is -1 in signed 64-bit integer. Shifting it logically (unsigned) right by two would give 0x3 followed by 62 zeros? Or is it that the higher bits are filled with zero, so the result is 0x0000000000000003? + +Wait no: Let's think in terms of binary. All ones (64 bits) shifted right logically by two positions would have the lower two bits as 1s and higher 62 bits as zeros? No, wait that can't be because shifting right with logical shift fills with zero on the left. + +So for example, if we have a byte: 0b11111111 (all ones) shifted logically right by two positions gives 0b00111111. Similarly, in 64 bits, shifting all ones right by two would give us 0x3 followed by 62 zeros? Wait no: the lower two bits are filled with the higher two bits of x14, but since x14 is all ones, after shift, it's 0b...11. So in fact, lsr x13, x14, #2 would result in x13 being 0x0000000000000003. + +Wait, but wait: the 'lsr' instruction with a variable shift amount uses the lower byte of the shift register. So if x4 is 2, it's correct. So x13 = x14 >> 2 (logical). Since x14 was -1 (all ones), x13 would be 0x3 followed by 62 zeros? Or perhaps not. + +Wait, no: when you shift a negative number with logical shift, the sign is ignored because it's treated as unsigned. So for example, in two's complement, shifting all ones (which is -1) logically right by 2 would result in 0x3 (since each shift right fills with zero on the left). But wait: let me think again. + +Wait, no: Let's take a smaller example. Take an 8-bit value: + +- All ones: 0b11111111 (-1 in two's complement). + +Shifting logically right by one position gives 0b01111111 (which is 127, not -64). Similarly, shifting it right by two positions would give 0b00111111 (63). + +Wait no: Wait, no. Because in logical shift, the sign bit doesn't matter; you're just shifting zeros into the higher bits. + +So for a 64-bit value of all ones: + +Shifting logically right by two positions would result in 0x0000000000000003. Because each shift right adds a zero to the high end, so after two shifts, the lower two bits are still 1s. + +So x13 is now 0x3. + +Next step: sxtb x0, w13. So sxtb is sign-extend byte. The source is the lower byte of w13 (which is x13's lower 8 bits). Since x13 is 0x3 (in 64 bits), the lower byte is 0x03. + +sxtb takes this as a signed 8-bit value, which is 0x03 → positive. So sign-extend to 64 bits gives 0x0000000000000003. + +So x0 becomes 3. But wait, the expected output was -1 (i.e., 0xffffffffffffffff). Hmm. + +Wait, but in this case, the code is giving x0 as 3, which would print as 3. However, the bug report says it's getting 4611686018427387903, which is 0x3fffffffffffffff, not 3. + +Wait that doesn't match. So perhaps my analysis is wrong. Let me check again. + +Wait, in the code: + +After lsr x13, x14, x4: so shift right by x4 (which is 2). If x14 was 0xffffffffffffffff, shifting it logically right by two positions gives us 0x3 followed by 62 zeros? Or perhaps I'm misunderstanding. + +Wait no. Wait, in binary terms: + +Shifting a number right with 'lsr' fills the higher bits with zero. So for example: + +If x14 is 0xFFFFFFFFFFFFFFFF (all ones), shifting it logically right by two gives us 0x3 followed by 62 zeros? No: because shifting right by two would mean that each of the lower bits moves up, but filling from the left. + +Wait, perhaps I'm getting confused with the direction. Let me think: in AArch64, lsr shifts the bits to the right. So for a positive number, it's straightforward, but for all ones (which is -1), when you do an lsr, the higher bits are filled with zero. + +So shifting 0xFFFFFFFFFFFFFFFF (all ones) right by two positions would result in 0x3 followed by 62 zeros? Or perhaps not. Let me think of it as a 4-bit example: + +All ones: 1111. + +Shifting logically right by one: 0111. + +Shifting again: 0011. + +So, for a 64-bit value all ones, shifting right by two would result in the lower two bits being 1s and the rest zeros? No, wait that's not correct. Because when you shift all ones right, each shift right would lose the least significant bit and fill with zero on the left. + +Wait no: For example: + +0b1111 shifted logically right by one → 0b0111 (since we drop the last bit and add a zero at the front). Similarly, shifting again gives 0b0011. So in 64 bits, all ones shifted right by two would be 0x3 followed by 62 zeros. + +Wait no: Wait, that's not correct because in reality, for example: + +In 8 bits, 0b11111111 (all ones) shifted logically right by one is 0b01111111. Then shifting again would be 0b00111111. + +So in 64 bits, the result of lsr x14, #2 would have the lower two bits as 1s and the rest as zeros? No, because each shift right by one adds a zero on the left. So after two shifts, it's 0x3 followed by 62 zeros. + +Wait but that can't be because shifting all ones (which is -1) logically right would produce a positive number. But in our case, x14 was set to -1 via csetm, which sets it to all ones. So when we shift it with lsr, the result should be 0x3 followed by 62 zeros. + +Then sxtb x0, w13: so w13 is lower 32 bits of x13. Since x13 after lsr is 0x3 followed by 62 zeros, then w13 (lower 32 bits) would be 0x00000003. + +sxtb takes the lower byte (8 bits) of w13: which is 0x03. Since it's a positive value (0x03 is less than 0x80), sign-extended to 64 bits, x0 becomes 0x0000000000000003. + +But according to the bug report, the result is 0x3fffffffffffffff, which is a large positive number. Hmm, that suggests that sxtb may be interpreting w13 differently. + +Wait wait: Let me think again about lsr x13, x14, x4. If x4 is 2, then it's shifting by two bits. But if the shift amount is larger than the register size, what happens? + +In AArch64, lsr with a variable shift (like using another register) shifts as per the lower byte of the shift value. So for example, if x4 is 65, then it would effectively be shifting by 1 (since 65 mod 64 is 1). But in our case, x4 is 2. + +Wait but wait: in the code, x4 is passed as c=2. So the shift amount is two. + +So lsr x13, x14, x4 would be shifting by 2 bits. + +But let's think about the value of x14 again. After csetm, x14 should be all ones (0xffffffffffffffff). Shifting that with lsr right by two gives 0x3 followed by 62 zeros? Or perhaps I'm making a mistake here. + +Wait no: Let me compute it as binary. All ones is 64 bits of 1s. Shifted logically right by two positions: + +Each bit moves to the right, and zero is added on the left. So after one shift, we get 0b111...111 (with a zero at the start). After another shift, we have 0b111...111 again? Wait no: wait, that can't be. + +Wait, perhaps I'm misunderstanding how shifting all ones works. Let's think differently: in two's complement, -1 is represented as all ones. Shifting it logically right by n bits would give a value with the lower n bits set to 1 and the rest filled with zeros. Wait no: that can't be correct because for example: + +0xFFFFFFFF (32-bit) shifted logical right by one gives 0x7FFFFFFF. + +Wait, maybe I'm mixing up signed and unsigned shifts. Let me try this step again. + +In AArch64, 'lsr' is a logical shift right, which treats the number as unsigned. So when you have x14 = 0xFFFFFFFFFFFFFFFF (which is -1 in two's complement), but treated as an unsigned value it's 0xFFFFFFFFFFFFFFFF. + +Shifting that logically right by 2 positions would result in 0x3 followed by 62 zeros? Or perhaps not, because shifting all ones by two would actually fill the lower bits with the higher bits of x14. Wait no: when you do a logical shift right, the bits are shifted to the right, and the vacated bits on the left are filled with zeros. + +So for example: + +0b1111 (all ones) shifted logically right by 2 → 0b0011. + +Similarly, in 64 bits, shifting all ones right by two would give us a value where the lower two bits are 1s and the rest are 0s. So x13 becomes 0x3 followed by 62 zeros? No, wait that can't be because it's 64 bits. + +Wait no: Let me think in terms of binary: + +Original x14 is 64 ones. + +After lsr x13, x14, #2 → shift right two positions. So the lower two bits would be lost (they are shifted out) and zeros are added on the left. + +So the result would be 0x3 followed by 62 zeros? No: because shifting all ones right by two would result in 0x0000000000000003. Because each shift to the right by one position drops a bit and adds a zero on the left. + +Wait, let me think step by step: + +- Start with x14: 64 bits all ones → binary '1' repeated 64 times. +- lsr x13, x14, #2: + - Shift right two positions. + - The first shift: rightmost bit (LSB) is lost; a zero is added to the left. So now, x13 is 0x7FFFFFFFFFFFFFFF (which is 63 ones followed by one zero). + - Second shift: again, the new LSB is shifted out (a zero this time), and another zero is added to the left. + - So after two shifts, we have 0x3 followed by 62 zeros? No, wait: + +Wait no. Let me think in terms of bits. + +Original x14: bit positions 63 down to 0 are all '1's. + +After shifting right by one: +- Bit position 63 becomes 0. +- Bits 62-0 become the original bits 63-1, respectively. +So after first shift: bit 63 is 0, others are 1s except for bit 0 which was shifted out. + +Wait no, shifting right by one would take each bit and move it to the next lower position. So: + +After lsr x14 #1: +bit 63 → 0, +bits 62-0 → original bits 63-1. + +So all bits except bit 63 are still '1's, and bit 63 is now 0. + +Wait that can't be right. Because when you do a logical shift right on an unsigned integer, the higher bits are filled with zeros. + +Ah, I see my confusion: in AArch64, the 'lsr' instruction shifts the value as if it's unsigned. So for x14 = 0xFFFFFFFFFFFFFFFF (all ones), which is -1 in signed but 2^64-1 in unsigned. + +Shifting that right by two would result in: + +(2^64 -1) / (2^2) → floor division, which would give us 0x3 followed by a lot of zeros? + +Wait, no. Wait, let's compute it numerically: + +The value is 0xFFFFFFFFFFFFFFFF (in hex), which is 2^64 - 1. + +Shifting that right by two bits: (2^64 -1) >> 2 = ? + +Well, in hexadecimal terms, each 'F' represents four bits. So shifting right by two positions would drop the last two bits and fill with zeros on the left. + +So 0xFFFFFFFFFFFFFFFF shifted right by two is 0x3 followed by a lot of Fs? + +Wait no: because if you have all ones and shift right by two, the higher bits are filled with zeros, so: + +In binary, shifting right by two would give us: + +Original: 111...111 (64 bits) +Shifted by two: 00 followed by 111...111, but only for 62 bits. + +Wait no, that's not correct. Because when you shift right by two positions, each bit moves to the next lower position twice. + +So after shifting, the value would be: + +Original (binary): + +bit63 ... bit0: all 1s + +After shifting right by two: + +bit63 and bit62 are set to 0. +bits61 down to 0 take the original bits63 down to 2. + +But since original bits were all 1s, after shift: + +bits63-62: 0 +bits61-0: 1 + +So in hex, that would be 0x0000000000000003 followed by zeros? No, wait. + +Wait no. Let me convert the shifted binary to hex: + +After shifting right two positions, we have: + +bits63-62: 0 +bits61-0: all ones except the last two bits (which were shifted out). + +So in terms of bytes: + +The first byte is now 0x00 (since the higher 8 bits are zeros). +Then follows bytes that are all 0xFF, but with the last two bits cleared? + +Wait no. Let's think in terms of shifting each bit. + +Wait perhaps a better approach: let me compute what happens when I shift 0xFFFFFFFFFFFFFFFF right by two positions using an unsigned right shift (which is what 'lsr' does). + +So: + +0xFFFFFFFFFFFFFFFF is equal to 2^64 -1. + +Shifting it right by two gives (2^64 -1) / (2^2) = (2^64 -1)/4. + +Which is 0x3 followed by 62 'F's? No, that can't be because shifting right in binary reduces the value, not increases. + +Wait no: Wait, no. Shifting right divides the number by two for each shift. So (2^64 -1) / 4 = 2^62 - (1/4), but since we're dealing with integers, it's floor division. + +So (2^64 -1) /4 = 0x3 followed by six 'F's and then some? + +Wait I'm getting confused. Let me calculate in hex: + +Shifting 0xFFFFFFFFFFFFFFFF right by two positions: + +Each shift to the right by one position is equivalent to dividing by two, but with integer division. + +So shifting right by one: 0x7FFFFFF... (since you lose the last bit). + +But for an all-ones number, shifting right as unsigned would fill with zeros on the left. So after shifting by two: + +The value becomes 0x3 followed by six 'F's and then more? + +Wait no, perhaps I'm overcomplicating it. + +Let me consider a smaller example: let's say we have a 8-bit number of all ones (0xFF). Shifting right by two positions as unsigned would result in 0x3F. Because: + +Original: 11111111 +After one shift: 01111111 +After another shift: 00111111, which is 0x3F. + +So for 8 bits, shifting right by two gives 0x3F. + +Similarly, in 64 bits, shifting all ones (0xFFFFFFFFFFFFFFFF) right by two positions would give us 0x3 followed by seven 'F's and then the rest? + +Wait no: wait, let me think. In an 8-bit number: + +After two shifts, we have 0x3F. + +In a 64-bit number, shifting all ones (0xFFFFFFFFFFFFFFFF) right by two positions would give us 0x3 followed by seven 'FF's and then the lower bits? Or is it 0x3 followed by more zeros? + +Wait no: Wait in an n-bit system, shifting all ones right by k positions gives a value where the higher k bits are zero, and the remaining (n -k) bits are one. + +So for 64 bits: + +Shifting two positions → first two bits are zero, next 62 bits are one. + +Which is 0x000000000000003F followed by ... no, wait in binary that would be 62 ones after the leading two zeros. So in hex, that's: + +Each four-bit nibble is a hexadecimal digit. So for 64 bits, if we have two leading zeros and 62 ones: + +The first nibble (bits 63-60) is 0x0, +the second nibble (59-56): 0x3, +and the rest would be 0xF each. + +Wait no: Let's count the bits. If we have two leading zeros, then in hex: + +The first byte (8 bits) would be 0x00 (since bits 63-56 are zero). + +Then the next six bytes (48 bits): each is 0xFF because those bits are ones. + +Wait no: Wait 62 bits after the two leading zeros. Let's calculate how that breaks down into hex digits: + +62 bits /4 = 15.5, which doesn't make sense. So perhaps it's better to think in terms of the entire 64-bit value. + +The result is 0x3 followed by six 'F's and then a half-byte? + +Wait I'm getting stuck here. Perhaps I should calculate the exact value after shifting. + +Original x14: 0xFFFFFFFFFFFFFFFF + +Shifting right two positions as unsigned: + +In binary, that would be: + +0b 1111 1111 ... (64 times) → shifted right by two gives: + +0b 00 followed by 62 ones. + +So in hex: + +Each byte is represented by two hex digits. Let's break down the 64 bits into eight bytes, each four bits. + +After shifting, the first two bits are zero, then 62 ones. + +In terms of bytes: + +The first byte (bits 63-56) would be 0b00 followed by six ones? No: because after two shifts, it's 0x00 in the first nibble and 0x3F in the next nibble? + +Wait perhaps a better way is to note that shifting right as unsigned in AArch64 for an all-ones number will result in a number where the lower bits are set. So after two shifts, it's 0x3 followed by 15 'Fs' (since each shift reduces the leading zeros and sets the trailing ones). + +Wait but I'm not getting anywhere with this. + +Alternatively, perhaps it's better to note that shifting right as unsigned for an all-ones number will result in a value where the higher bits are zero and lower bits are one up to 64 - k bits. So after two shifts, we have: + +0x3 followed by 15 'F's? Or is it something else. + +Wait perhaps I should just compute what (0xFFFFFFFFFFFFFFFF >> 2) is in hex. + +In Python, shifting right as unsigned would be done with bit_length and using the formula x >> n | ((x << (bit_length - n)) ) ? + +But let me do a quick calculation: + +(0xFFFFFFFFFFFFFFFF) is equal to (1<<64) -1. + +Shifting it right by two positions gives: + +((1<<64)-1) // 4 = (2^64 -1)/4. + +Which is 2^62 - 1/4, but since we're dealing with integers, it's floor division. + +So 2^62 -1 in integer terms. + +Wait no: Wait, ((1<<64)-1) //4 would be (2^64 -1)/4 = 2^62 - 0.25, which as an integer is 2^62 -1. + +Because 2^62 *4 = 2^64, so 2^64 -1 divided by four is 2^62 - (1/4). So in integer division, it's 2^62 -1. + +So the value after shifting is 0x3FFFFFF... something? + +Wait let me compute: + +2^62 is 0x4000000000000000. + +Subtracting one gives 0x3FFFFFFFFFFFFFFF. + +Yes, because: + +In hex, 0x4000000000000000 is 2^62. Subtract 1: 0x3FFFFFFFFFFFFFFF. + +So yes, shifting right by two positions of 0xFFFFFFFFFFFFFFFF as unsigned gives us 0x3 followed by fifteen 'F's and then the rest? Wait: + +Wait 2^62 -1 is equal to 0x3FFFFFFFFFFFFFFF. + +Because: + +2^64 / 4 = 2^62, so (2^64 -1)/4 = 2^62 - 1/4, which as integer division is 2^62 -1. + +And 2^62 in hex is 0x4000000000000000. + +Subtracting one gives us 0x3FFFFFFFFFFFFFFF. + +So after shifting right two positions, the value of x14 becomes 0x3FFFFFFFFFFFFFFF. + +Wait but wait: When you shift as unsigned, shifting all ones by two would give: + +bits63-2 are set to 1, bits1 and 0 are 0? + +No. Because when you do an unsigned right shift, the higher-order bits are filled with zeros. So shifting 0xFFFFFFFFFFFFFFFF (all ones) right by two positions gives us a number where the first two bits are zero, followed by all ones up to bit 2. + +Wait but in that case: + +After shifting two positions, we have: + +bit63 and bit62: 0, + +bits61 down to 0: 1s. + +So the value is 0x3 followed by six 'F's? No, let me count: + +From bit61 down to bit0: 62 bits. Each nibble (four bits) is a hex digit. So 62 bits /4 = 15.5, which suggests it can't be exactly represented. Wait no, perhaps I made a mistake. + +Wait in reality, 0x3FFFFFFFFFFFFFFF has only 62 bits set as ones. Let's see: + +Yes: the value is 0x3 followed by fifteen 'F's and ending with an F. Because 0x3 is one nibble (4 bits), then each 'F' is four bits, so 15 'F's would make 60 bits, plus the initial 0x3 makes total of 64 bits. + +Yes: + +- 0x3 is 4 bits, +- followed by fifteen 'F's: 15 *4 =60 bits, +Total: 64 bits. + +So 0x3FFFFFFFFFFFFFFF is correct after shifting. + +Therefore, the result of lsr x14 #2 would be 0x3FFFFFFFFFFFFFFF. + +Wait but this seems counterintuitive because shifting an all-ones number right as unsigned should set the higher-order bits to zero and keep lower ones as ones up to that point. + +Yes, so in this case, it's correct: 0x3 followed by fifteen 'F's is indeed 0x3FFFFFFFFFFFFFFF. + +So now, we have x13 = 0x3FFFFFFFFFFFFFFF. + +Next step: adding the value of x4 (which is 0) to it. + +Wait no. The instruction was 'add x13, x14, x4' which is add x14 and x4 into x13. + +But since x4 is zero, this would just copy x14 into x13. + +So after the shift right by two, we have x14 = 0x3FFFFFFFFFFFFFFF. Then adding x4 (zero) to it, x13 becomes the same value: 0x3FFFFFFFFFFFFFFF. + +But perhaps I'm overcomplicating; regardless, let's move on. + +Next instruction is 'add x29, x13, #0x7f'. + +So add 0x7F to x13 (which is 0x3FFFFFFFFFFFFFFF). + +What's the result? + +Adding 0x7F (which is 127 in decimal) to 0x3FFFFFFFFFFFFFFF. + +Let me calculate that: + +0x3FFFFFFFFFFFFFFF + 0x000000000000007F = ? + +Well, in hex: + +The last byte of x13 is 0xFF. Adding 0x7F to it would carry over: + +FF (255) + 7F (127) = 1FE (which is 254 in hex). So the lower byte becomes FE and a carryover of 1. + +But wait, adding 0xFF + 0x7F: + +In binary, 0xFF is 11111111, +0x7F is 01111111. + +Adding them: + +11111111 ++01111111 += (Carryover) 1 11111110 + +So the result in binary is 11111110 with a carryover of 1 to the next byte. + +But wait, let's compute this correctly: + +0xFF + 0x7F = 0xFF + 0x7F = 0x1FE (which is 254 in hex). So yes, lower byte becomes FE and carryover of 1. + +So adding 0x7F to x13 would result in: + +x29 = 0x3FFFFFFF...FE with a carryover affecting the previous bytes. + +Wait but since all the higher bytes are F except for the first two nibbles (which are 3), let's see how that addition propagates. + +But perhaps it's easier to compute this numerically. Let's see: + +0x3FFFFFFFFFFFFFFF is equal to (2^64 -1) //4, which we calculated earlier as 0x3FFFFFFFFFFFFFFF. + +Adding 0x7F gives us 0x3FFFF...FE. + +Yes, because adding 127 will cause the lower byte to roll over from FF to FE with a carryover. But since all the higher bytes are F's except for the first two nibbles, which are 3 followed by F's, adding 1 would turn each F into 0 and carry over, but in this case, we're adding only 7F (127), so it might not propagate beyond a few bytes. + +Wait no: Let me think. x13 is 0x3FFFFFFFFFFFFFFF. Adding 0x7F: + +The lower byte is FF + 7F = FE with carryover 1. +But the previous byte was FF, adding the carryover turns it to 00 with carryover 1. +This would propagate all the way through until we reach a non-FF byte. + +Wait but in x13, after the initial '3' (four bits), followed by fifteen 'F's and ending with an F? Wait no: earlier calculation said that x14 after shifting is 0x3FFFFFFFFFFFFFFF. + +So the bytes are: + +Bytes: + +[0x03][FF][FF]... [FF] + +Wait, no. Let me break down 0x3FFFFFFFFFFFFFFF into bytes. + +Each byte is two hex digits. + +Starting from the left: 0x3F FF FF FF FF FF FF FF. + +Wait that's 8 bytes (64 bits): + +0x3F, followed by seven 'FF's. + +So in terms of bytes: + +Byte 7: 0x3F +Bytes 6-0: 0xFF each + +So when we add 0x7F to this value, let's compute it step by step. + +The initial value is: + +byte 7: 0x3F (bits 111111) +bytes 6-0: 0xFF (each byte is 11111111) + +Adding 0x7F to this: + +We can represent the number as: + +0x3FFFFFFF FFFF FF FF FF FF FF FF + +When adding 0x00000000 0000 0000 0000 0000 0000 007F. + +The addition starts from the least significant byte: + +Byte 0: 0xFF + 0x7F = 0xFE (254) with carryover of 1. +But wait, FF is 255, adding 7F (127): 255 + 127 = 382. But in a byte, this overflows to FE (since 382 mod 256 = 382 - 256= 126, which is 0x7E). Wait wait, no: that's incorrect. + +Wait let me do it correctly: + +In binary: + +FF is 11111111 (255) +7F is 01111111 (127) + +Adding them gives: +11111111 ++01111111 += 1 01111110 + +So the sum is FE (254) with a carryover of 1. + +So byte 0 becomes FE, and we have to add the carryover to byte 1. + +But byte 1 was originally FF. Adding 1 gives: + +FF + 1 = 00 with carryover 1. + +So byte 1 becomes 00, and we carry over 1 to byte 2. + +Byte 2 was also FF: adding 1 gives 00 again, and carryover continues. + +This cascades all the way through bytes 2 up to byte 6, each of which was FF. So after adding 1, they all become 00 with a carryover propagating. + +Now, when we reach byte 7 (the highest byte in this case), which is 0x3F (00111111 in binary), we add the carryover: + +00111111 + 1 = 001111110, but since we're working with bytes, it would be 0x40 (binary 01000000) because we can't have a byte value of 0x3F + 1 as 0x40. + +Wait no: + +Actually, when adding the carryover to 0x3F (which is binary 00111111), adding 1 would make it 00111111 + 1 = 001111110? Wait that's not possible in a byte. Let me correct: + +Wait, when you add the carryover to byte7 (0x3F), which is 6 bits set: 00111111. + +Adding 1 gives 00111111 + 1 = 001111110? No, that's nine bits. Actually, when adding a carryover to byte7, we have: + +0x3F is 63 in decimal. Adding 1 (carryover) makes it 64, which is 0x40. + +But since each byte can only hold up to 0xFF, so yes, 0x3F +1 = 0x40 with no further carryover beyond that. + +So the resulting value after adding 0x7F is: + +Byte7: 0x40 +Bytes6-1: 0x00 (since each FF became 00 when carrying over) +Byte0: 0xFE + +So putting it all together, the new value of x29 is 0x40000000000000FE. + +Wait no: + +Because byte7 was originally 0x3F (which is six bits), adding carryover makes it 0x40. Then bytes6-1 were all FF, which after addition become 00 each due to the carryover propagation. Byte0 becomes FE. + +So yes: x29 = 0x40000000000000FE. + +Wait but let me count the number of bytes again: + +Total is 64 bits, so eight bytes. + +After adding: + +- byte7: 0x3F +1 (carryover) becomes 0x40. +- bytes6 to 1: each was FF and turned into 00 due to carryover propagation. +- byte0: FE. + +So x29 is 0x40 followed by seven bytes of 00, ending with FE. So in hex: + +0x40000000000000FE. + +Yes. + +Now, the next instruction is 'sub x31, xzr, x29'. + +Subtracting x29 from zero (since xzr is zero). Wait no: it's 'sub x31, xzr, x29', which means x31 = xzr - x29. + +Since xzr is zero, this becomes x31 = -x29. So the value is the negative of 0x40000000000000FE. + +In two's complement, subtracting a number from zero gives its two's complement. Alternatively, in assembly, 'sub x31, xzr, x29' would compute -x29. + +So x31 = 0xFFFFFFFFFFFFFE (the two's complement of x29). + +Wait but let me confirm: + +The value of x29 is 0x40000000000000FE. So the negative would be computed as: + +Two's complement: invert all bits and add one. + +But since it's a signed 64-bit integer, subtracting from zero gives us the two's complement representation of -x29. + +So x31 will hold the value -0x40000000000000FE. + +Now, moving on to 'add x5, x31, #0xff'. + +So adding 0xFF (255) to x31 (-0x40000000000000FE). + +Let's compute this: + +-0x40000000000000FE + 0xFF = ? + +But perhaps it's easier to work in two's complement. + +Alternatively, since x31 is -0x40000000000000FE, adding 0xFF would result in: + +-0x40000000000000FE + 0xFF = ? + +This can be written as -(0x40000000000000FE) + 0xFF. + +Alternatively, since we're dealing with two's complement: + +Adding a positive number to a negative number. + +The result will depend on the magnitude. If 0xFF is less than |x31|, the result remains negative. + +In this case, x31 is - (0x40000000000000FE) which is a very large negative number. Adding 0xFF to it would make it slightly less negative, but still negative. + +So let's represent x31 as its two's complement form: + +In binary, 0x40000000000000FE is 010000000000000000000000000000000 \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/2262 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2262 new file mode 100644 index 000000000..b3dea6272 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2262 @@ -0,0 +1,17 @@ +<think> +Alright, so I'm trying to figure out how to classify this bug report. The user is having an issue with QEMU's Linux-user mode emulation for RISC-V32. They mentioned that when they run background jobs in a chroot environment, the shell hangs indefinitely. + +Looking at the details, they provided two code examples: `simple_shell.c` and `loop.c`. From what I understand, the shell is supposed to handle background processes by using `wait4` or `waitpid`, but it's not working as expected on RISC-V32 under QEMU. + +The strace output shows that there are repeated calls to `waitid` with flags like WNOHANG, which means it's checking for any completed child processes without blocking. The fact that it returns 0 repeatedly suggests that no processes are completing or being signaled correctly, leading the shell to loop indefinitely. + +In their reproducer, they mention that when they run a background job (like `./loop &`), the shell incorrectly reports that the job is done and then gets stuck in an infinite loop. The output shows `wait4 ret: 98298`, which doesn't make sense because on x86_64 or RISC-V64, it should return 0. + +So, considering the categories provided—instruction, syscall, runtime—the issue seems to revolve around how QEMU is handling system calls related to process management. Specifically, `waitid` and `wait4` are syscalls that aren't behaving as expected under emulation for RISC-V32. This would fall under a problem with system call handling in QEMU. + +Therefore, the category should be 'syscall' because it's an error in how these particular syscalls are being processed. +</think> + +The issue pertains to incorrect handling of `waitid` and `wait4` syscalls in QEMU's RISC-V32 emulation, causing background processes not to be managed properly. This is a system call-related problem. + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/2333 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2333 new file mode 100644 index 000000000..bd7b07487 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2333 @@ -0,0 +1,23 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's break down what's happening here. + +The user is reporting that when they run their program under qemu-armeb (which emulates an ARM big-endian system), it crashes with a segmentation fault. They've identified that the issue occurs in the __clock_gettime64() function, specifically at line 42 of clock_gettime.c where it calls INTERNAL_VSYSCALL_CALL for vdso_time64. + +Looking at the stack trace, the crash happens during this VDSO call. The user also mentions that when they disable VDSO by rebuilding glibc without it, the problem goes away. This suggests that the issue is related to how QEMU handles the VDSO (Virtual Dynamic Shared Object) for ARM big-endian. + +VDSO is used to speed up certain system calls by handling them in userspace instead of making a full syscall into the kernel. If something's wrong with how QEMU implements this, it could cause crashes. + +The problem occurs only on qemu-armeb and not on qemu-arm (little endian), which indicates that there might be an endianness issue or some specific handling in QEMU for big-endian systems that isn't working correctly. + +Now, considering the categories: + +1. **Instruction**: This would involve a faulty instruction being executed. The crash is happening during a VDSO call, but it's not clear if the instruction itself is wrong. +2. **Syscall**: Issues with system calls could be related to how QEMU handles them, especially in big-endian mode. Since VDSO is part of optimizing syscalls, this might fit. +3. **Runtime**: This would cover other runtime errors not related to instructions or syscalls directly. + +Since the problem arises during a syscall (or rather, an optimized version via VDSO) and it's specific to how QEMU handles this in big-endian mode, I think the category is **syscall** because it's about the handling of system calls within the emulator. +</think> + +The bug report deals with how QEMU handles the VDSO for ARM big-endian systems during a syscall optimization. Therefore, the issue falls under the syscall category. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/2410 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2410 new file mode 100644 index 000000000..c4fd23311 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2410 @@ -0,0 +1,14 @@ +<think> +Okay, let's try to figure out what category this bug falls into. The user is having an issue where setting socket options on RISC-V QEMU gives a "Protocol not available" error, whereas it works fine on x64 Linux. + +So, first, looking at the problem description: they're using setsockopt with IP_OPTIONS on a SOCK_STREAM socket. According to the man page, this should work. But in QEMU, it's failing. The user also provided a link to the QEMU source showing that the relevant path is unimplemented. + +Hmm, so the error occurs when making a system call (setsockopt) which isn't properly handled by the emulator for RISC-V. That suggests it's not an issue with the application code itself but how QEMU handles this particular syscall on this architecture. + +Looking at the possible categories: instruction issues relate to specific CPU instructions; runtime errors are other runtime problems. But here, it's clearly a problem with handling a system call in the emulator. So the category is 'syscall'. +</think> + +The issue arises from how QEMU handles the setsockopt syscall on RISC-V, leading to an unimplemented path error. + +**Answer:** +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/2446 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2446 new file mode 100644 index 000000000..78442028c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2446 @@ -0,0 +1,21 @@ +<think> +Alright, let's break down this problem. The user is reporting an issue where QEMU isn't handling the `set_robust_list` system call properly. They've provided a test program that works on native Linux but fails when run in QEMU. + +First, I'll look at what `set_robust_list` does. It's used by glibc for robust mutexes, which are important for thread safety across process boundaries. If this syscall isn't implemented correctly in QEMU, applications relying on it will fail. + +The test program shows that on native Linux, both calls to `set_robust_list` work as expected. But when run in QEMU, the second call fails with "Function not implemented," indicating that QEMU doesn't support this system call at all. This means any application depending on robust mutexes won't function correctly under QEMU. + +Looking deeper, glibc uses `set_robust_list` during initialization to check for robust list support. If it's missing, functions like `pthread_mutex_init` with robust attributes will return `ENOTSUP`, preventing the use of these mutex types. This is critical because robust mutexes are vital for reliable process synchronization. + +Since QEMU emulates a system, it should accurately implement all necessary system calls to ensure compatibility. The absence of `set_robust_list` breaks this compatibility, especially for applications that rely on pthread robust features. + +So, the issue here is a missing or improperly implemented system call in QEMU's Linux user mode emulation. This directly affects runtime behavior because applications can't use certain pthread functionalities when running under QEMU. +</think> + +The bug report describes an issue where the `set_robust_list` system call is not properly handled by QEMU, leading to errors when applications try to use it. Since this relates to a specific system call implementation in QEMU, the category is: + +**syscall** + +The error occurs because the `set_robust_list` syscall isn't implemented in QEMU's user mode emulation for Linux targets. This affects applications that rely on robust mutexes provided by glibc, such as those using named locks or process-shared mutexes. + +To fix this, QEMU needs to implement the `set_robust_list` system call correctly in its Linux user mode codebase to ensure compatibility with applications expecting this functionality. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/2553 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2553 new file mode 100644 index 000000000..7be7e3d29 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/2553 @@ -0,0 +1,22 @@ +<think> +Alright, I'm looking at this bug report and trying to figure out what's going on. The user has code that joins an IP multicast group, but when they try to emulate it using QEMU for a 64-bit PowerPC system, it fails with ENODEV. They suspect the issue is related to how the `imr_ifindex` field in the `struct ip_mreqn` is handled during emulation. + +First, I need to understand what's happening here. The user provided their code, which works on a native x86_64 system but fails under QEMU emulation for PowerPC64. When they run it, the `setsockopt` call returns an error because the `imr_ifindex` isn't valid. + +Looking at the QEMU source code in `linux-user/syscall_defs.h`, I see that `struct target_ip_mreqn` uses `abi_long` for `imr_ifindex`. On PowerPC64, `long` is 64 bits, but on Linux, `imr_ifindex` should be a 32-bit integer. So the problem arises because QEMU isn't correctly marshaling this field when passing it to the host system call. + +The user also mentions that in the code, there's a check for `optlen` which allows sizes between `target_ip_mreq` (8 bytes) and `target_ip_mreqn` (16 bytes). However, the actual size is 12 bytes, causing QEMU to pass uninitialized data as part of the struct. This leads to an invalid `imr_ifindex`, hence the ENODEV error. + +So, breaking it down: + +- The issue is related to how system calls are handled by QEMU when emulating a different architecture. +- The problem occurs during the marshaling process of structs between target and host architectures. +- It's specifically about the `setsockopt` syscall not handling the struct correctly. + +Given these points, I think this falls under the "syscall" category because it involves an error with how system calls are implemented in QEMU. The problem isn't a faulty instruction or a runtime error but rather incorrect handling of a system call parameter. +</think> + +The bug report describes an issue where the `setsockopt` syscall fails due to incorrect struct marshaling for IP multicast on emulated 64-bit PowerPC systems. This is related to how QEMU handles system calls and their parameters, specifically the `struct ip_mreqn`. + +sys +call \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/570 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/570 new file mode 100644 index 000000000..439379a73 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/570 @@ -0,0 +1,11 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report from QEMU. The warning message says "TIOCSER_TEMT" is redefined in termbits.h at line 276. Hmm, TIOCSER_TEMT sounds like a termios constant used in serial port operations. + +I remember that the termios structure is related to terminal settings and I/O control operations. So, if this macro is being redefined, it's probably an issue with how certain system calls are handled or defined within QEMU. + +Looking at the possible categories: instruction, syscall, runtime. Since the warning is about a preprocessor symbol being redefined, which relates to system call definitions (like ioctl commands), I think this falls under the 'syscall' category. It's not an error in a specific instruction execution nor a general runtime error but rather an issue with how syscalls are set up or defined. +</think> + +The bug report involves a redefinition warning of a termios constant, which relates to system call definitions. + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/602 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/602 new file mode 100644 index 000000000..ba2a107ad --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/602 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report for QEMU into one of three categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue is about translating host error numbers to target error numbers in IP_RECVERR and IPV6_RECVERR control messages. The user mentioned that `ee_errno` isn't translated, leading to mismatches between host (like x86_64) and guest (e.g., MIPS) systems. For example, ECONNREFUSED is 111 on the host but should be 146 on MIPS. + +Looking at the provided code snippet, it seems they're adjusting how error numbers are handled in system calls. The fix involves translating the errno using `host_to_target_errno`. + +Now, considering the categories: 'instruction' would relate to specific CPU instructions or assembly issues. This doesn't seem related since it's about error handling in syscalls. 'Runtime' could involve general runtime errors but isn't specific enough here. The problem is specifically with system calls and their error translations, so 'syscall' seems appropriate. + +Thus, the category should be 'syscall'. +</think> + +The bug report deals with translating error numbers in system call messages, which falls under system call handling. + +sysc \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/817 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/817 new file mode 100644 index 000000000..028116ce4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/817 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU. The issue mentioned is about the 'waitid' function leaving the target siginfo uninitialized when info.si_pid is zero. Hmm, waitid is a system call in Linux used to wait for a child process and get information about its termination. + +So, the problem here seems to be related to how the siginfo structure is handled after using waitid. If si_pid is zero, that might mean the process ID isn't being set correctly or perhaps it's indicating some error condition where the info isn't properly initialized. + +Since the issue revolves around a system call (waitid) and its handling of the siginfo structure, I think this falls under a syscall category. The bug isn't about an instruction in code being wrong, nor is it a runtime error that occurs elsewhere during execution—it's specifically about how the system call interacts with data structures. + +Therefore, the category should be 'syscall'. +</think> + +The bug report discusses an issue related to the waitid system call and its handling of siginfo. Therefore, it falls under the syscall category. + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/829 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/829 new file mode 100644 index 000000000..51898ec59 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/829 @@ -0,0 +1,21 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem description again to understand what's going on. + +The user is reporting an issue when running a test program under qemu-arm. The test involves creating a file in /tmp and then opening it using openat(). They mention that strace shows the path being prefixed with the sysroot, which is causing problems. Specifically, when they call openat(tmpfd, tmpfile_name), it fails because the fd points to a sysroot-prefixed path instead of just /tmp. + +So the problem arises from how the user space emulation in QEMU handles certain system calls, particularly those involving file paths and opening files. The issue seems to be related to path translation when using openat(), which relies on file descriptors that might have been modified by QEMU's sysroot handling. + +Looking at the categories: + +- Instruction: This would involve a problem with specific CPU instructions being incorrectly handled. +- Syscall: Issues related to system calls, possibly incorrect implementation or handling in the emulator. +- Runtime: Other runtime errors not covered by the above two. + +The problem here is specifically about how certain syscalls (like openat()) are being manipulated when using the sysroot. This points towards an issue with how these system calls are handled in the emulation layer, which would fall under syscall issues. + +Therefore, the bug report should be classified as a 'syscall' category. +</think> + +The issue arises from incorrect handling of system calls related to path translation in user space emulation, specifically affecting `openat()` and file descriptors. This falls under the category of syscall errors. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/833 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/833 new file mode 100644 index 000000000..18febe9ff --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/833 @@ -0,0 +1,21 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let's break down what's happening here. + +The problem is about the `sendmsg` system call failing in QEMU when there's no iov but ancillary data is present. In a normal Linux environment, it works fine, but under QEMU, the message without iov isn't sent, which causes issues for applications like the `ell` library that rely on this functionality. + +Looking at the steps to reproduce, they mention using `strace` and seeing that in QEMU, one of the `sendmsg` calls is missing. This suggests that QEMU isn't handling the `sendmsg` call correctly when the message has no data but includes ancillary information. + +The key point here is that the issue revolves around how QEMU handles a specific system call (`sendmsg`) with certain parameters. It's not about an incorrect instruction being executed or a runtime error like a segmentation fault; it's more about the syscall itself not behaving as expected in the emulator. + +So, considering the categories: + +- **Instruction**: This would relate to processor-level issues or incorrect assembly instructions, which doesn't seem to be the case here. +- **Syscall**: This involves how system calls are handled by the kernel or emulator. Since `sendmsg` is a syscall and the issue is about its behavior in QEMU, this fits. +- **Runtime**: This would cover errors that occur during program execution but aren't tied to specific syscalls. Again, since the problem is specifically with `sendmsg`, it's more aligned with syscall issues. + +Therefore, the bug is likely related to how QEMU emulates the `sendmsg` system call when certain parameters are provided. +</think> + +The issue pertains to how the `sendmsg` system call is handled in QEMU under specific conditions. This falls under how the system call is processed rather than an instruction-level or runtime error. + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/911 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/911 new file mode 100644 index 000000000..859f5cec9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/911 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm looking at this bug report about QEMU not showing execve calls when using strace on a mipsel user-mode application. The user built QEMU from source, specifically version 6.2.0 and a later snapshot 6.2.90, with some specific configure options. They're trying to trace system calls made by their test application, which uses both system() and popen(), but the strace output doesn't show execve. + +Hmm, I remember that execve is a syscall that's used when executing a new program. It replaces the current process image, so it doesn't return on success—it instead starts the new program. That could explain why tracing it might be tricky because if the call succeeds, the tracer wouldn't see the return. + +Looking at the provided logs, in version 4.2.1 of QEMU, the execve calls do appear in the strace output. But in versions 6.2.0 and 6.2.90, they don't. So something changed between these versions that affects how QEMU handles tracing for this specific syscall. + +I'm thinking about what could cause this change. Maybe there were modifications to how QEMU intercepts syscalls or handles the execution flow after an execve. Perhaps a bug was introduced in handling strace for syscalls that don't return, like execve. + +Another angle is how safe_execve works. The user mentioned that it's not returning, which makes sense because execve doesn't return on success. But older versions could still capture the call. So maybe there was a regression where the tracing mechanism relies on the syscall returning to log it, but for execve, this isn't possible. + +So categorizing this bug: It's related to how QEMU handles syscalls during execution. Specifically, it's an issue with the strace functionality not capturing execve calls correctly. Since it's about a system call and its tracing, the category should be 'syscall'. +</think> + +The bug is related to the failure in capturing `execve` system calls when using strace in QEMU's mipsel user mode. This issue pertains to how QEMU handles syscalls during execution. + +sys \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/957 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/957 new file mode 100644 index 000000000..d6dd0eb2d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/957 @@ -0,0 +1,17 @@ +<think> +Okay, I need to figure out what category this bug falls into. The user provided a detailed problem where Python crashes during a rebuild using qemu-m68k. The error message is "The futex facility returned an unexpected error code." + +Looking at the log, it seems like there are multiple threads causing issues with futex calls. Futex is a system call used for synchronization in multi-threaded applications. The error message suggests that when the futex function returns an unexpected value, it's triggering an abort. + +The problem occurs during Python builds, which can be resource-intensive and involve many threads. The user mentioned that using MAKEOPTS=-j1 reduces the issue probability, implying concurrency is a factor. Also, running with qemu -systrace or QEMU_STRACE=1 decreases the error occurrence but not entirely. + +The logs show several futex calls with different operations (FUTEX_WAIT, FUTEX_WAKE, etc.), and some return errors like "Invalid argument." This indicates that the system is receiving unexpected results from these syscalls. + +Since the issue arises from how syscalls (specifically futex) are being handled by qemu-m68k, it's likely a problem with the syscall implementation in QEMU, not an instruction-level bug or a runtime error unrelated to syscalls. + +So, the category should be 'syscall' because it involves errors during system calls. +</think> + +The issue is related to errors occurring during system calls (specifically futex) within the qemu-m68k environment. The problem arises from unexpected return values in these syscalls, leading to runtime failures. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/manual-review/982 b/results/classifier/deepseek-r1:32b/reasoning/manual-review/982 new file mode 100644 index 000000000..b26afe5f1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/manual-review/982 @@ -0,0 +1,27 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU's --strace incorrectly decoding writev arguments on 32-bit machines when running 64-bit binaries. Let me go through the information step by step. + +The user provided a description where using strace with QEMU shows incorrect decoding of the writev system call arguments for 64-bit binaries on a 32-bit machine. The steps to reproduce include compiling the same code for different architectures and then running them under QEMU with strace. When they run strace, the output for writev is wrong in certain cases. + +Looking at the outputs: + +- For i686-main (32-bit), strace shows correct decoding. +- For x86_64-main (64-bit on a 64-bit host), strace also shows correct decoding with the nil pointer and address. +- But when using qemu-i386 --strace on the i686-main, it incorrectly decodes the arguments as addresses instead of showing the actual data. Similarly, for aarch64, it's not showing correctly. + +So the problem seems to be that QEMU is misinterpreting how the writev system call's arguments are being passed when running 64-bit binaries on a 32-bit emulator with --strace. This affects how strace displays the arguments, making them look like memory addresses instead of the actual data structures. + +Now, I need to categorize this bug. The options are instruction, syscall, or runtime. + +- Instruction: If it were an issue with a specific CPU instruction being wrong. +- Syscall: An error in handling system calls, possibly misinterpretation of parameters. +- Runtime: Other runtime errors not related to instructions or syscalls. + +This seems to be a problem with how QEMU handles the decoding of system call arguments for writev when using --strace. Since writev is a syscall and the issue arises during its processing under strace, it's likely a syscall-related error in the emulation. The incorrect display suggests that the arguments are not being parsed correctly by the strace mechanism in QEMU. + +So I think this falls under 'syscall' because it involves misdecoding the parameters of a system call when tracing. +</think> + +The bug report is about incorrect decoding of writev's arguments during --strace, which relates to how syscalls are handled. + +syscalls \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1010 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1010 new file mode 100644 index 000000000..b403f0514 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1010 @@ -0,0 +1,11 @@ +<think> +Alright, let's try to figure out what category this bug falls into. So the user is having issues with 9p mounts when using Lima and Docker VMs on macOS. The problem shows up as "Timer expired" errors or "Network dropped connection on reset" when trying to list directories inside the VM. + +Looking at the strace output, it seems that specific system calls are failing. In the first case, getdents64 is returning ETIME (Timer expired), and in the second scenario with a different protocol, lgetxattr is causing ENETRESET errors. + +The issue is happening during runtime when interacting with the mounted directory over 9p. Since it's related to system calls like getdents64 and lgetxattr failing due to network-related issues or timeouts, it seems more like an error occurring at runtime rather than a faulty instruction or a syscall definition problem. + +So, this bug is likely a runtime error because it's happening while the program is executing and interacting with the filesystem over the 9p mount. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1010484 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1010484 new file mode 100644 index 000000000..d0bb63b1e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1010484 @@ -0,0 +1,9 @@ +<think> +Okay, I need to classify this bug report about Slirp not accepting non-local DNS servers into one of the given categories: instruction, syscall, or runtime. + +Looking at the description, it says that Slirp doesn't allow a provided DNS address if it's outside the local network and suggests removing the check. The issue seems to be related to how Slirp handles DNS configuration during its operation, which happens while the software is running. + +The problem isn't about an incorrect instruction in code or a syscall error; it's more about runtime behavior when handling DNS addresses. Therefore, this falls under 'runtime' errors. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1027 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1027 new file mode 100644 index 000000000..82ab50965 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1027 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm looking at this bug report about QEMU on macOS needing to have an embedded plist. The user is explaining that macOS applications typically use an Info.plist file within their bundle to set various properties like the bundle identifier. They mention that for command-line binaries, you can embed this plist into the binary itself using a linker flag. + +The problem here seems to be that QEMU's executables don't have this embedded plist, which could cause issues with system features relying on it. The user suggests creating a plist file and embedding it during linking with `-sectcreate __TEXT __info_plist YourPlistFile.plist`. They also reference another issue (#334) where having the correct bundle identifier was important. + +Now, I need to classify this bug report into one of the categories: instruction, syscall, or runtime. + +Let me think about each category: + +- **Instruction**: This would be if there's a problem with a specific CPU instruction causing issues. +- **Syscall**: If the issue is related to system calls (like open, read, etc.) not working correctly. +- **Runtime**: Other errors that occur while the program is running. + +The bug here isn't about instructions or syscalls failing. It's more about the application setup and missing an embedded file that macOS expects. This affects how the system interacts with QEMU at runtime because without the plist, certain features won't work as intended. So, it's a runtime issue because it impacts the program's behavior while running on macOS. + +Therefore, this bug falls under the **runtime** category. +</think> + +The bug report discusses issues related to how QEMU executables are set up on macOS, specifically about embedding an Info.plist file. This affects system interactions and feature functionality when the binary runs. Thus, it is classified as a runtime issue. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1031920 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1031920 new file mode 100644 index 000000000..305cd8861 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1031920 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report about QEMU's gdbserver not responding to remote Ctrl-C interrupts. The user mentioned that when they run QEMU with gdbserver and connect via GDB, pressing Ctrl-C doesn't interrupt the program as expected. + +First, looking at the steps: They started QEMU with '-g 1234', connected GDB remotely, set a breakpoint, continued execution, then tried to interrupt with Ctrl-C. The program didn't stop, and they had to choose 'y' to give up. + +I think about what each category means. 'Instruction' is about faulty commands or instructions in the code, which doesn't seem directly related here. 'Syscall' would involve issues with system calls, but this seems more about interrupt handling during runtime. + +So it's likely a 'runtime' issue because it's happening while the program is running and interacting with GDB through QEMU. The problem occurs when trying to interrupt execution, which is a runtime operation handled by the debugger and emulator. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1034 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1034 new file mode 100644 index 000000000..517842640 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1034 @@ -0,0 +1,17 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report about QEMU failing when compiling Erlang/OTP 25 in user mode on AArch64. Let me read through the problem description carefully. + +So, the issue is that when using user mode emulation with QEMU, there's a segfault during the compilation of Erlang. The developers mentioned that this doesn't happen in system mode. They've tracked it down to something related to how QEMU handles JIT code regions and memory protection. + +The explanation says that QEMU dynamically translates guest code to the host architecture. When the guest overwrites code, the translation should be invalidated. For Erlang's JIT, they use two regions: one executable but not writable, and another writable but not executable. Both point to the same physical memory. Writes to the writable region are supposed to reflect in the executable one through some mechanism. + +The problem arises because QEMU isn't handling this correctly. In system mode, QEMU emulates the MMU and notices when the writable region is modified, so it invalidates the executable translations properly. However, in user mode, QEMU uses mprotect with PROT_READ on all code regions after translation. It relies on a signal handler to invalidate translations when writes occur. But since the code is only being written to the writable region (not the executable one), the translations aren't invalidated as they should be. + +The developers note that QEMU ignores certain instructions (IC IVAU / ISB) meant to tell the processor about code changes, and this causes issues specifically in user mode. + +Now, looking at the categories: instruction, syscall, runtime. The problem isn't directly about a faulty instruction being executed or an error with system calls. It seems more like an issue that happens during runtime when QEMU is handling memory protections and translation invalidation incorrectly. So it's related to how QEMU manages the JIT code regions and responds to writes in user mode. + +Therefore, I think this bug falls under the "runtime" category because it's about how the program behaves at runtime when certain conditions are met (like writing to specific memory regions without proper handling), leading to a segfault. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1041 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1041 new file mode 100644 index 000000000..fa58df527 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1041 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to classify this bug report related to QEMU. Let me read through it carefully. + +The issue is about the auxiliary vector's AT_PLATFORM being reported as i686 when using qemu-x86_64-static, whereas on a real x86_64 system, it should be x86_64. The user provided a code snippet that checks this value and shows the discrepancy. + +The problem occurs during runtime because when the program runs under QEMU, it's getting an incorrect platform string. This isn't related to an instruction being faulty or a syscall error; instead, it seems like QEMU is incorrectly setting the AT_PLATFORM value for 64-bit systems. + +Looking at the possible categories: instruction, syscall, runtime. Since this happens while the program is running (the auxiliary vector is part of the runtime environment), I think it falls under runtime errors. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1044 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1044 new file mode 100644 index 000000000..b944b1505 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1044 @@ -0,0 +1,17 @@ +<think> +Okay, so I have this warning message about libevent-loop-base.a having an empty table of contents, and it's related to QEMU. I need to classify this bug into one of three categories: instruction, syscall, or runtime. + +First, let me think about what each category means. + +- Instruction issues involve problems with specific CPU instructions causing errors. +- Syscall issues are about problems occurring during system calls. +- Runtime errors are other kinds of problems that happen while the program is running. + +The warning here is about a library file's table of contents being empty. That sounds like it's related to linking or how the program is built, not necessarily something happening at runtime when the program is executing instructions or making system calls. + +Since the problem is during build time and involves the static library (libevent-loop-base.a), it seems more like a linker issue or perhaps an issue with how dependencies are being handled. It's not directly about executing instructions or system calls, so it doesn't fit into instruction or syscall categories. + +Therefore, this would fall under runtime because it's affecting the program when it runs, even though the problem is during linking. The error isn't due to a specific instruction failing or a syscall issue but rather an environment setup problem. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1052857 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1052857 new file mode 100644 index 000000000..24f327471 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1052857 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU. The user has set up a powerpc chroot on a Debian system using debootstrap and copied in a statically linked qemu-ppc-static binary. When they run certain commands inside the chroot, like 'ls' after changing directory to home, it fails with an assertion error related to signal handling. + +The problem occurs during runtime when executing specific commands within the chroot environment. The error message mentions an assertion failure in the setup_frame function of signal.c. This suggests that there's something wrong with how signals are being handled or set up by QEMU when running on a 64-bit host for a powerpc target. + +I think this isn't about incorrect instructions because the issue arises during execution, not necessarily from compiling faulty code. It also doesn't seem to be directly related to a specific syscall failing; it's more about how the environment is handling signals. So the error occurs at runtime when trying to execute these commands, which makes me think it falls under 'runtime' errors. + +So, putting it all together, the bug seems to be happening during runtime due to incorrect signal frame setup in the QEMU user emulator. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1059 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1059 new file mode 100644 index 000000000..4bdd7b29f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1059 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out how to classify this QEMU issue that's happening on macOS when using Docker. The problem is that when someone tries to run a Docker image that uses QEMU internally, they're getting an error message: "qemu: uncaught target signal 6 (Aborted) - core dumped." + +First, I need to understand what each category means. The categories are instruction, syscall, and runtime. Let me break them down: + +1. **Instruction**: This would involve a problem with the instructions given, like incorrect commands or steps in the installation process. +2. **Syscall**: This refers to issues related to system calls, which are how programs interact with the operating system kernel. Errors here could be permissions issues or problems accessing certain OS features. +3. **Runtime**: These are errors that occur during the execution of a program, not necessarily due to instructions or syscalls but perhaps bugs in the software itself. + +Looking at the problem description: The user is installing BotFront locally on macOS using Docker and encountering this QEMU issue. They followed steps from the documentation, so it's likely not an instruction error unless there are specific steps that aren't handled well on macOS. + +The error message mentions a signal 6 (Aborted), which typically indicates that the program received an abort signal, often due to a runtime error like division by zero or accessing invalid memory. Since QEMU is involved and it's running inside Docker on macOS, there might be some compatibility issues with how QEMU interacts with the host system. + +QEMU can sometimes have problems when running on virtualized environments or specific OS setups. On macOS, Docker runs within a virtual machine (like the one provided by Docker Desktop), so QEMU might be having trouble with nested virtualization or resource allocation. This could lead to runtime errors because the environment isn't handling the resources as expected. + +I don't see any mention of incorrect commands in the steps, so it's probably not an instruction issue. It also doesn't seem directly related to a specific system call failing unless QEMU is making a problematic syscall on macOS. However, since it's a signal 6 (abort), it's more likely that the problem arises during runtime execution. + +So, putting this together, I think the classification would be **runtime**, as the issue seems to occur during the execution of QEMU within Docker on macOS. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1068900 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1068900 new file mode 100644 index 000000000..5c7d83879 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1068900 @@ -0,0 +1,17 @@ +<think> +Alright, let me try to work through this problem step by step. So, there's this issue with QEMU where thread cancellation isn't working properly when using app-level emulation. The user provided some details about how Linux handles certain signals and how QEMU is causing problems because it's interfering with those signals. + +First, I need to understand what the bug report is saying. It mentions that thread cancellation uses realtime signals in userspace on Linux. Realtime signals are numbered from SIGRTMIN to SIGRTMAX, and they're typically used for things like asynchronous notifications. But QEMU seems to be stealing some of these signals for its own use. That means when an application being emulated by QEMU tries to use these signals (like for thread cancellation), it doesn't work because QEMU has taken them over. + +The problem is that the signal handler can't be set in the guest application because when you try to use sigaction on the host, it rejects those signals. Also, sending these signals doesn't reach the emulated application but instead affects the libc/libpthread code running on the host, causing QEMU to crash. + +Now, the user suggests a solution where QEMU steals one realtime signal for itself and then multiplexes the other signals through this stolen one. This way, applications can still use all their realtime signals without conflict. + +Okay, so looking at the categories provided: instruction, syscall, runtime. The question is asking to classify this bug report under one of these. + +The issue here isn't directly about a faulty instruction (so not instruction), nor is it specifically about an error with a system call (syscall). It seems more like a problem that occurs during runtime when handling signals and thread cancellation within the emulation environment. So, I'm leaning towards 'runtime' because it's something that happens while the application is running, particularly related to how QEMU handles signal management. + +Another angle: since it involves signal handling and thread cancellation, which are runtime aspects, this reinforces the idea that it's a runtime issue rather than something at the instruction or syscall level. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1070 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1070 new file mode 100644 index 000000000..bd1755366 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1070 @@ -0,0 +1,15 @@ +<think> +Alright, let's try to figure out how to classify this bug report. The user provided some details about an issue they're encountering in QEMU related to GDBstub XML generation for ARM CPUs. + +First, I'll break down the information given. It seems that every time a vCPU is realized in user mode, the function `arm_cpu_register_gdb_regs_for_features` is called. This results in generating XML for each new thread unnecessarily. When there are many threads, like 100, this causes problems with large maps for QHT and PageDesc. + +Now, looking at the possible categories: instruction, syscall, runtime. The issue here isn't about a faulty instruction or a problem with system calls. Instead, it's about something happening during runtime—specifically, excessive XML generation that affects performance when many threads are involved. + +The bug doesn't involve incorrect instructions being processed or any issues with how system calls are handled. It's more about an operation (XML generation) that's being performed redundantly and causing inefficiency as the number of threads increases. + +So, putting it all together, this problem is occurring during runtime because it's related to how QEMU handles multiple threads in real-time execution. Therefore, the category should be "runtime." +</think> + +The issue is about redundant XML generation during runtime for multiple vCPUs, causing inefficiency. + +**Answer:** runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1072 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1072 new file mode 100644 index 000000000..df2c74102 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1072 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. Let me start by reading through the problem description carefully. The user is experiencing different behaviors when running QEMU directly versus using a remote debugger. Specifically, they're looking at whether stdout is a character special device (S_ISCHR) in their code. + +In approach 1, when they run QEMU without the debugger, the test for S_ISCHR returns False. But in approach 2, when using GDB to debug, it returns True. That's interesting because the same binary and setup should theoretically behave the same way regardless of whether a debugger is attached. + +The user provided the line from their code: if (((((st.st_mode)) & 0170000) == (0020000))). So they're checking the file mode bits. The question is, why does this condition evaluate differently when using GDB? + +I need to think about what could cause such a discrepancy. One possibility is that the environment in which the program runs changes when a debugger is attached. For example, certain file descriptors might be redirected or behave differently under debugging. + +Since the code is checking whether stdout is a character device, maybe the way QEMU handles file I/O differs when it's being debugged. Perhaps without the debugger, stdout isn't being treated as a TTY (which would make it a character special device), but with the debugger attached, it is. + +Alternatively, maybe there's an issue with how syscalls are handled in QEMU under different conditions. The remote debugger might interfere with certain system calls or file descriptor states. + +Looking at the possible categories: instruction, syscall, runtime. This seems more like a runtime issue because the problem arises during execution depending on whether a debugger is attached, not necessarily from a faulty instruction or a specific syscall error. It's about the environment affecting the program's behavior. + +So I think this falls under 'runtime' because it's an operational difference rather than a coding mistake or a specific system call failure. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1075 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1075 new file mode 100644 index 000000000..48ccee329 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1075 @@ -0,0 +1,34 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's break down what each of these means to make sure I get it right. + +The bug report is about trying to create a Kubernetes cluster using a ppc64le specific kind binary on an x86 host. The user followed several steps involving Docker, setting up QEMU, downloading binaries, and then trying to create the cluster with kind-linux-ppc64le. + +First, I should think about what each category entails: + +1. **Instruction**: This would involve issues with the actual commands or instructions given by the user. Maybe they made a typo, used the wrong command, or missed a step. +2. **Syscall**: This relates to errors during system calls, like when an application tries to interact with the operating system and something goes wrong there. +3. **Runtime**: These are issues that occur while the program is running, such as crashes, hangs, or unexpected behavior. + +Looking at the steps provided: + +- They reset QEMU user-static, which sets up the environment for running different architectures. +- Downloaded kind-linux-ppc64le and made it executable. +- Downloaded kubectl for ppc64le and set it up. +- Set KUBECONFIG and exported it. +- Tried to create a cluster with specific flags. + +The error seems to be happening when executing the `kind create cluster` command. The user also ran `kind export logs`, which suggests they were trying to troubleshoot further. + +Now, considering possible issues: + +- Since they're running on an x86 host and using ppc64le binaries, maybe there's a compatibility issue. Perhaps the kind binary isn't compatible with the x86 architecture when run this way. +- The problem could be in how QEMU is set up or if it's properly handling the emulation for ppc64le on an x86 host. + +If the issue was with system calls, we might see errors related to access permissions or missing shared libraries. However, the steps seem correctly executed: they made the binaries executable and set them in the right places. + +The error is more likely occurring during runtime when trying to create the cluster. Maybe kind is failing because it's not running properly on x86 despite being a ppc64le binary, or perhaps there's an issue with Docker images compatibility. + +So, putting it all together, this seems like a runtime issue because the problem arises when executing the command and creating the cluster environment. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1093 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1093 new file mode 100644 index 000000000..61358fb68 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1093 @@ -0,0 +1,15 @@ +<think> +Okay, so I have this bug report about QEMU and RISC-V. The issue is that when using qemu-user to run a program on RISC-V 64, the signal frame gets misaligned by 4 bytes instead of 16 bytes, which causes problems like UBSan pointer misalignment errors. + +Let me break down what's happening here. The user provided a C program that sets up a signal handler using sigaction with SA_SIGINFO flag, so it expects both info and context pointers in the handler. Then they deliberately misalign the stack by subtracting 4 from sp, which might be part of their test setup. + +When they run this under qemu-riscv64 and send SIGINT, the output shows that the signal frame isn't aligned properly. The addresses for info and context are at offsets that don't seem to be multiples of 16, which is what RISC-V typically requires for proper stack alignment. + +Looking deeper, the user mentioned that QEMU's source code points to this issue in the signal handling part. They reference a specific line where the constant might be set incorrectly—changing it from whatever it was to 15 would fix the alignment because 16-byte alignment requires shifting by log2(16)=4 bits, so mask with 0xf (which is 15) for proper alignment. + +Now, classifying this bug: It's related to how QEMU handles signals on RISC-V. The problem arises during runtime when the signal is processed. So it's not about an instruction being faulty or a syscall issue but rather something that happens while executing code—specifically in handling signals and their frames. + +Therefore, this falls under 'runtime' errors because it occurs during the execution of the program when the signal handler is invoked. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1095531 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1095531 new file mode 100644 index 000000000..eaca7cafe --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1095531 @@ -0,0 +1,19 @@ +<think> +Alright, let's try to figure out what category this bug falls into. The user provided some logs and code snippets from QEMU related to SPARC32plus on 64-bit hosts. They mentioned issues with load and store functions causing access violations. + +First, looking at the problem description: it seems that when compiling for a 64-bit host, the generated x86 code has incorrect handling of 32-bit operations. Specifically, in both examples provided, there's an instruction "mov %ebx,%ebx" which is redundant and doesn't seem to do anything useful. This might be causing issues because in 64-bit mode, operations that should handle 32-bit data aren't being managed correctly. + +The user tried disabling gen_address_mask(), but it made things worse. So the issue isn't just a missing mask; perhaps there's something else wrong with how addresses are calculated or how 32-bit values are extended in 64-bit registers. + +Looking at the categories: + +- **Instruction**: This would involve an incorrect instruction being generated. +- **Syscall**: Errors related to system calls. +- **Runtime**: Other runtime errors that aren't necessarily due to instructions or syscalls. + +The problem here doesn't seem to be a specific instruction error, but rather how data is being handled during execution. The redundant "mov" and the way 32-bit values are extended in 64-bit registers might lead to incorrect memory accesses, which would cause runtime errors like access violations. + +So it's more about what happens during the execution of the generated code rather than a specific instruction or syscall issue. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1098729 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1098729 new file mode 100644 index 000000000..e4928eafc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1098729 @@ -0,0 +1,22 @@ +<think> +Okay, so I'm looking at this problem where someone is running qemu-user-static for armhf and encountering segmentation faults in multi-threaded programs. They provided some details about their setup: they're using Debian testing on an x86_64 host with an armhf chroot managed by schroot. The program they're testing is a pthreads example, which works fine natively but crashes under qemu. + +The user compiled the same code in both environments and ran it. On the x86_64 host, everything works perfectly, even with Valgrind showing no errors. But when running on armhf via qemu, it segfaults or hangs sometimes. The error messages include things like assertion failures in QEMU's TCG code, specifically mentioning tcg_gen_goto_tb and tcg_temp_free_internal. + +I need to classify this bug into one of three categories: instruction, syscall, or runtime. + +First, let me understand what each category means: +- **Instruction**: This would involve issues with specific CPU instructions not being handled correctly by QEMU. +- **Syscall**: Problems related to system calls between the host and guest environments. +- **Runtime**: Other runtime errors that don't fall into the above two categories. + +Looking at the error messages, they're pointing to internal QEMU functions like tcg_gen_goto_tb and tcg_temp_free_internal. These are part of QEMU's TCG (Translation Cache Generator) which handles dynamic translation of guest code to host code. The assertion failures suggest that there might be some inconsistency in how temporary registers or translation blocks are being managed. + +The fact that the problem occurs in threaded code makes me think it could involve concurrency issues within QEMU, perhaps related to how multiple threads interact with the TCG state. Segfaults often point to memory management problems—invalid pointer accesses, use after free, etc. + +Since the errors are happening deep inside QEMU's translation process and not directly in a syscall or specific instruction handling, it doesn't seem like an instruction-level bug. It's also not about syscalls failing because the problem arises during the execution of the translated code rather than when making system calls. + +Therefore, this issue is more likely related to runtime errors within QEMU itself, particularly how it handles multi-threaded guest programs. The assertion failures point towards internal state management problems in TCG, which would fall under runtime issues. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1102 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1102 new file mode 100644 index 000000000..8332c18d9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1102 @@ -0,0 +1,24 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let's break down what's provided here. + +The issue is about QEMU crashing when running a specific .so file with certain PT_LOAD segments that have MemSiz greater than FileSiz and are not writable. The problem occurs because in the elfload.c file, specifically at line 2097, there's code that zeroes out memory without checking if it's writable. + +Looking at the code snippet: +``` +if (host_start < host_map_start) { + memset((void *)host_start, 0, host_map_start - host_start); +} +``` +This part is trying to zero out the BSS segment, which is common in ELF loading. However, if the memory isn't writable, writing to it with memset will cause a segmentation fault. + +The problem happens during runtime when QEMU tries to execute the program and encounters this situation. It's not an issue with a specific instruction or a syscall; rather, it's an error that occurs while running the program due to incorrect handling of memory permissions. + +So, considering the categories: +- Instruction: Not applicable because it's not about a faulty CPU instruction. +- Syscall: Doesn't involve system calls directly. +- Runtime: This fits because the crash happens during execution when QEMU processes the ELF file. + +Therefore, the category is runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1128 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1128 new file mode 100644 index 000000000..7d0f30ec2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1128 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem description again carefully. + +The issue is about the `spr_write_xer()` function not setting certain flag bits in `cpu_xer`. The user mentions that when they write a value to XER using `mtxer`, these flags aren't being updated correctly. They also note that while this doesn't affect execution because `spr_read_xer()` uses separate variables, it causes problems for tools tracing the execution. + +Looking at the code reference provided, lines 480-483 in translate.c show how `spr_write_xer` is implemented. It seems that instead of setting the flag bits directly into `cpu_xer`, the function excludes them by using a bitwise NOT operation with `~0x...`. This means that those specific bits are not copied from the source GPR, which might be causing the issue. + +The bug doesn't involve a faulty instruction being executed or a problem with system calls. Instead, it's about how certain flags are handled during runtime when writing to XER. The incorrect handling of these flags affects debugging tools that rely on `cpu_xer` having accurate values. + +So, this is more related to how the CPU state is managed during execution rather than an issue with instructions or syscalls themselves. Therefore, it falls under a runtime error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1143 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1143 new file mode 100644 index 000000000..4fb9eeb5b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1143 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm looking at this bug report about QEMU ignoring some breakpoints when the function starts on one memory page and the breakpoint is set on another. The user describes that they have a function __gnat_debug_raise_exception which starts at 0x10bff2, and they set a breakpoint at 0x10c00e, which is in a different page. When running with QEMU and GDB, the breakpoint isn't being hit as expected. + +From the logs provided, when the function is called, it seems that QEMU executes the entire function without stopping at the breakpoint. However, if another breakpoint is set within the same page (like 0x10bffd), then the execution steps normally and hits the second breakpoint. + +The user also mentions digging into the QEMU translator code and thinks it might be related to how the translator handles breakpoints across different pages. They suspect that `check_for_breakpoint` isn't checking correctly if the entire function is within a single page before deciding to execute in step mode or not. + +So, considering the categories: instruction, syscall, runtime. This seems like an issue with how QEMU handles breakpoints during execution. It's related to the runtime behavior of the emulator, particularly when dealing with memory pages and breakpoints set across different pages. + +I don't think it's a faulty instruction because the instructions themselves seem to be executed correctly; it's more about the breakpoint handling. Syscall issues are about system calls not working as expected, which doesn't seem relevant here. Therefore, this falls under runtime errors because it occurs during the execution of the program when interacting with breakpoints across memory pages. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1147 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1147 new file mode 100644 index 000000000..37025fd77 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1147 @@ -0,0 +1,20 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report for QEMU. Let's break it down step by step. + +First, the issue occurs when running an x86_64 emulator on an aarch64 host, specifically using Asahi Linux on an M1 Macbook Pro. The error message mentions that during execution, there's an assertion failure: `cpu == current_cpu`. This seems to happen only with certain binaries like `apt-get`, while others like `ls` work fine. + +I know that QEMU handles CPU emulation through its TCG (Translation-Compilation-Generation) accelerator. The assertion failing suggests a problem in how the CPU state is being managed during execution. Since it's happening on an M1 chip, which uses big.LITTLE architecture and has a 16K page size, maybe there are some memory alignment or context switching issues. + +When recompiled with clang instead of gcc, another error occurs related to RCU (Read-Copy-Update) in the `rcu_read_unlock` function. This points towards concurrency or synchronization problems within QEMU's code when using different compilers. RCU is used for safely updating shared data structures, so perhaps there's an issue with how readers and writers are handling locks. + +The fact that it works on VMs under macOS but not on bare metal suggests that the host environment plays a role. The 16K page size could affect memory management in QEMU, especially if certain assumptions about page sizes are hardcoded or not properly handled during emulation. + +Considering possible categories: +- **Instruction**: If there's an issue with how specific instructions are emulated. +- **Syscall**: Problems when making system calls within the emulator. +- **Runtime**: General runtime errors not directly tied to instructions or syscalls. + +The error seems more like a runtime problem because it's related to CPU state management and RCU assertions, which are internal mechanisms for handling concurrency. It doesn't seem to be a specific instruction issue or a syscall failure but rather an internal QEMU process going wrong during execution. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1165383 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1165383 new file mode 100644 index 000000000..fc32b2140 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1165383 @@ -0,0 +1,7 @@ +<think> +Okay, I need to classify this bug report about QEMU. The user says that running 'qemu-1.4.0/i386-linux-user/./qemu-i386' causes a segmentation fault. Segfaults are usually runtime issues because they happen while the program is executing. + +Looking at the categories: instruction, syscall, runtime. Since it's a segfault during execution, not related to instructions or syscalls specifically, it falls under runtime errors. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1172613 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1172613 new file mode 100644 index 000000000..ba97aa8f3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1172613 @@ -0,0 +1,17 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report for QEMU. The user provided several examples across different architectures—armhf, powerpc64, and sparc64. In each case, they're compiling a simple C program with a cross-compiler and then running it under QEMU. + +For armhf, when they run `qemu-arm ./a.out`, it fails because it can't find `/lib/ld-linux-armhf.so.3`. But by specifying the correct ld library and using `--library-path`, it works. So, that's a bit inconsistent but manageable. + +Then for powerpc64, running `qemu-ppc64 ./a.out` gives a missing `/lib64/ld64.so.1`. When they try to run it with the ld library specified directly, it results in a segmentation fault with an invalid memory access. But when using `--library-path`, it works. + +Similarly, for sparc64, running without specifying ld fails, and even with just the ld path, it segfaults, but adding `--library-path` makes it work. + +So, what's happening here? It looks like QEMU isn't correctly handling the dynamic linker (ld) in these cases. The first attempt tries to find the ld in a default location which doesn't exist on the host system. Then, when they manually specify the ld path, it works for some architectures but not others. + +The problem seems related to how QEMU is setting up the environment or executing the binary with the correct dynamic linker and library paths. It's not an issue with instructions being faulty or syscalls failing per se, but rather runtime setup—how the process is initialized when running under QEMU. + +Therefore, this bug is about runtime errors, specifically in how QEMU handles the execution setup for different architectures, leading to missing ld files or incorrect memory accesses. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1182490 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1182490 new file mode 100644 index 000000000..d8012cde4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1182490 @@ -0,0 +1,11 @@ +<think> +Alright, I'm looking at this bug report for QEMU version 1.5. The issue seems to be related to a crash happening in the coroutine-win32.c file on Windows. + +The error occurs when qemu_coroutine_switch is called with a 'to_' parameter set to NULL. Specifically, it crashes at line 47 where it tries to assign 'action' to 'to->action'. Since 'to_' is NULL, accessing its members would cause a segmentation fault. + +Looking at the backtrace, the crash happens in coroutine_trampoline when it calls qemu_coroutine_switch with 'to_' as NULL. This suggests that somewhere in the code, this function is being passed an invalid or uninitialized coroutine pointer. + +The possible categories given are instruction, syscall, and runtime. Since the issue arises from a runtime error due to a null pointer dereference, it falls under the 'runtime' category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1187319 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1187319 new file mode 100644 index 000000000..b1ce44a2f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1187319 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU. The user mentioned that pressing Ctrl-Alt-- and Ctrl-Alt-+ doesn't do anything in SDL, even though the manual says they should shrink or enlarge the window. They also tried other key combinations like -/= with shift and without, and even checked the numpad but nothing worked. Their keyboard layout is US intl with AltGr dead keys, and QEMU version 1.5.0. + +First, I need to understand what's going on here. The problem is that certain key combinations aren't working as expected in the SDL interface of QEMU. The user expects these shortcuts to adjust the window size but they don't work. + +Now, looking at the possible categories: instruction, syscall, runtime. + +- Instruction refers to a faulty manual description. Here, the manual says the shortcuts should work, so if the issue is that the instructions are wrong, it would be an 'instruction' bug. +- Syscall errors relate to system calls failing, which doesn't seem relevant here since the problem is about keyboard input handling. +- Runtime issues involve other runtime errors, like crashes or incorrect behavior during execution. + +The user's main issue isn't with the manual being wrong (though they might think it is), but rather that QEMU isn't responding correctly to these key presses. So this seems more like a runtime error because the program isn't behaving as intended when those keys are pressed. It could be a bug in how SDL handles certain key combinations or how QEMU processes them. + +Therefore, the category should be 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1207896 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1207896 new file mode 100644 index 000000000..395538c23 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1207896 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU and a patch related to binfmt wrapper handling. The user provided some context, mentioning that 99% of GNU/Linux distributions use QEMU with this patch because it's 100% needed. They've been waiting two years for the patch to be applied upstream. + +First, I need to understand what the bug is about. It seems related to how QEMU handles argv[0], which is the program name passed to a process. The patch probably fixes an issue where QEMU doesn't correctly set or handle this value when running as a binfmt wrapper. + +Looking at the categories provided: instruction, syscall, runtime. + +- Instruction issues involve incorrect CPU instructions or assembly code. +- Syscall errors are about problems with system calls in the OS. +- Runtime errors are broader issues that occur while the program is running. + +This bug doesn't seem to be related to specific CPU instructions or system call handling. Instead, it's more about how QEMU interacts with the environment when executing programs, specifically how argv[0] is managed. This would fall under runtime because it's an issue encountered during execution rather than a problem with low-level operations. + +So, I think the category should be 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1209 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1209 new file mode 100644 index 000000000..9be381060 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1209 @@ -0,0 +1,9 @@ +<think> +Okay, so I have this bug report about QEMU not clearing the screen when starting a VM. Let me think about how to classify it. The options are instruction, syscall, or runtime. + +First, what does the bug say? It's optional not to clear the screen when starting a VM. So it's more of an operational issue rather than something like a crash or incorrect computation. + +Looking at the categories: instruction relates to wrong instructions in code, syscall is about errors with system calls, and runtime covers other runtime issues. Since this is about how the emulator behaves during operation without crashing or making mistakes in processing, it falls under runtime. It's not about an incorrect instruction executing nor a problem with syscalls; it's more of a functional behavior issue. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1211 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1211 new file mode 100644 index 000000000..09ea8c6ac --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1211 @@ -0,0 +1,13 @@ +<think> +Okay, I'm trying to classify this bug report about bad fonts on a "cirrus" VGA card in QEMU. Let me go through it step by step. + +The problem is described as similar to another issue (#988), and it's fixed by setting specific options in the XF86Config file: "no_bitblt" and "sw_cursor". The user mentioned that these changes resolved the font issues. + +First, I need to figure out what category this falls under. The categories are instruction, syscall, or runtime. + +The issue here is about the display of fonts on a virtualized VGA card in QEMU. The fix involves modifying configuration settings rather than code execution or system calls. So it's not an instruction issue because there's no faulty CPU instruction mentioned. It's also not a syscall error since the problem doesn't involve system calls failing; instead, it's about how the graphics are rendered. + +Since the problem occurs during runtime when the virtual machine is running and using the Cirrus VGA card, it's related to how the software handles certain operations at that time. The configuration changes affect how the display driver behaves during runtime, so this seems like a runtime error category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1221966 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1221966 new file mode 100644 index 000000000..2ca0a7f32 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1221966 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to figure out what category this bug report falls into. The user provided some details about running QEMU on SunOS 5.8 under RHEL 6.4 and encountering a segmentation fault when executing commands like 'ls'. They ran it through GDB and got a backtrace pointing to static_code_gen_buffer. + +Hmm, the crash happens in static_code_gen_buffer, which I think is related to code generation in QEMU. The stack trace shows that it's within cpu_tb_exec and then into some SPARC-specific execution loops. Since it's during runtime when executing guest code, this doesn't seem to be a problem with a specific instruction or a syscall error. + +Wait, the possible categories are instruction, syscall, or runtime. So if it's not an issue with handling a system call (syscall) and it's not about executing a particular instruction (instruction), then it must be a general runtime error. Maybe something wrong during code generation or execution flow. + +Yes, static_code_gen_buffer is part of the code generation process for translated blocks. If that's segfaulting, it might be an issue with how QEMU generates or handles the generated code at runtime, not necessarily tied to any specific instruction or system call. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1228 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1228 new file mode 100644 index 000000000..f52347bcc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1228 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm looking at this bug report about QEMU and the curses display not recognizing escape sequences properly. The user is having trouble exiting using certain key combinations when running in -display curses mode. They tried various methods from the documentation but nothing works as expected. + +First, I need to understand what's happening here. When using the graphical display, everything works fine, but with curses, it doesn't. That suggests there might be something specific about how curses handles input compared to the graphical interface. + +They mentioned that they're running this on a Linux machine (Ubuntu) via Visual Studio Code or SSH from macOS. I know that terminal emulators can sometimes interpret key presses differently, especially regarding escape characters and modifiers like Ctrl, Alt, etc. So maybe there's an issue with how these keys are being translated through the terminal. + +The tests they did using showkey are interesting. When pressing Alt + 2 via a mobile SSH client, it shows escape followed by 2 (^[2). But when using Option + 2 from macOS Terminal over SSH, it just shows @ (which is ASCII 64). Similarly, pressing Esc + 2 gives the same as Alt + 2. + +Hmm. So on macOS, pressing Option + 2 sends a different sequence than what QEMU expects. When they press ESC and then 2 quickly, it works. That makes me think that QEMU's curses display is expecting certain escape sequences but isn't handling them correctly when received through SSH from macOS. + +I wonder if this has to do with how the terminal is configured or perhaps a bug in how QEMU processes these escape sequences under certain conditions. Maybe the timing or the way the input is read in curses mode isn't handling the escape characters properly when they come from an SSH session, especially when the client is on macOS. + +The user also mentioned that it works if they press ESC + 2 exactly at the same time, which suggests that QEMU might be expecting a single key press with modifiers rather than interpreting sequences. So maybe the issue lies in how curses or the terminal is handling these multi-byte escape sequences. + +Looking at the possible categories: instruction, syscall, runtime. Since this seems to be an error that occurs while the program is running and interacting with input, it's likely a runtime issue. It doesn't seem to be related to a faulty instruction in the code or a problem with system calls directly. Instead, it's about how inputs are processed during runtime. + +So I think this falls under the 'runtime' category because it's an error that happens while QEMU is running and handling user input via the curses display. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1233225 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1233225 new file mode 100644 index 000000000..875f97080 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1233225 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU. The user provided a C program that's supposed to print 0.5 but instead prints 2.0 when run under QEMU's user mode for MIPS and MIPSel architectures. They tested it on Debian with both amd64 and i386 chroots, and the issue persists. + +First, I'll read through the problem again. The code is simple: an integer a=1 divided by 2.0 as a double, which should be 0.5. But when run in QEMU user mode, it's outputting 2.0. However, when running the same binary inside a fully emulated Debian environment using QEMU, it works correctly. So the issue is specific to QEMU's user-mode emulation. + +The user suspects it might be a problem with their cross-compiler (gcc-4.4), but they tested both cross-compiling and compiling natively within an emulated environment, which worked. Thus, the problem lies elsewhere—specifically in how QEMU handles the execution when running in user mode versus full system emulation. + +Now, looking at the possible categories: instruction, syscall, runtime. + +- Instruction issues would involve problems with specific CPU instructions being misinterpreted or executed incorrectly. +- Syscall issues would relate to system calls not working as expected between the host and guest environments. +- Runtime errors are other kinds of problems that occur during execution but aren't tied directly to instructions or syscalls. + +The problem here seems to be related to how floating-point operations are handled in user mode. Since dividing 1 by 2.0 is a straightforward operation, it's likely not an instruction issue because the same binary works in full emulation. It might involve how QEMU handles floating-point registers or data types when running in user mode. + +Another angle: maybe there's an issue with how QEMU translates the MIPS floating-point division into the host architecture (amd64) during user-mode execution. In full system emulation, all instructions are emulated accurately, but in user mode, perhaps some optimizations or translation layers cause this miscalculation. + +So considering it's a runtime error because it's something that happens while the program is running, not specifically tied to an instruction or a syscall failure. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1245703 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1245703 new file mode 100644 index 000000000..8fbaa9213 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1245703 @@ -0,0 +1,19 @@ +<think> +Okay, I need to classify this bug report for QEMU into one of three categories: instruction, syscall, or runtime. Let me read through the problem again to understand what's happening. + +The user is using QEMU-user emulation with the -L option pointing to a sysroot directory that includes proc and dev filesystems. They notice that QEMU starts consuming a lot of memory until it gets killed by the kernel. The strace output shows that QEMU is following symbolic links in the proc filesystem, leading to an endless recursive loop. + +The user suggests modifying the function "add_dir_maybe" in util/path.c to avoid following symbolic links. They also mention that this issue causes a significant waste of resources because QEMU loads over 20,000 directory entries every time it's started. + +Now, thinking about the categories: + +- Instruction: This would involve issues with how commands or instructions are handled. +- Syscall: Problems related to system calls made by QEMU. +- Runtime: Errors that occur during runtime, such as memory leaks or infinite loops. + +The issue here is an endless loop caused by recursively reading directories, specifically following symbolic links in proc. This leads to high memory usage and a crash. It's happening while QEMU is running, so it's a runtime problem rather than an instruction or syscall error. + +So the category should be "runtime." +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1246990 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1246990 new file mode 100644 index 000000000..e5b0aaeeb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1246990 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to help classify this bug report for QEMU. Let's see what information I have here. + +The user is encountering a segmentation fault when running rjsupplicant using qemu-x86_64-linux-user version 1.6.1. They compiled QEMU with debug enabled and specific target options. The error occurs when executing the program, which results in a core dump. + +Looking at the gdb backtrace, it points to the function static_code_gen_buffer() and then into cpu_tb_exec(), which is part of the CPU execution code in QEMU. This suggests that the issue might be related to how QEMU is handling the translation or execution of machine code. + +The binary rjsupplicant is an ELF 64-bit executable, so it's a native x86_64 binary. Since it runs successfully on Linux amd64 without QEMU, the problem seems specific to the QEMU user mode emulation. + +The categories provided are instruction, syscall, and runtime. Instruction would imply there's an issue with how a specific CPU instruction is handled. Syscall issues relate to system calls not being properly emulated or causing errors. Runtime refers to other runtime errors that don't fall into the first two. + +In this case, the segmentation fault occurs during code execution within QEMU's static_code_gen_buffer function, which is part of the just-in-time (JIT) compiler used by QEMU for translating machine code. This points towards an issue with how the JIT is handling the translation or generation of code blocks, possibly leading to invalid memory accesses. + +Since it's a segmentation fault and it's happening within QEMU's own functions related to code execution rather than during a system call, I don't think it's a syscall error. It also doesn't seem to be a specific instruction issue because the backtrace doesn't point to any particular CPU instruction handling but rather to the JIT buffer management. + +So, considering all this, the bug is likely related to runtime errors in QEMU's execution loop or JIT code generation. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1248 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1248 new file mode 100644 index 000000000..84e8f235d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1248 @@ -0,0 +1,14 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. The problem is about glibc's wide-string functions like wcsbrk(), wcsspn(), and wcscspn() being broken under QEMU user emulation on s390x architecture. + +The description mentions that these functions are implemented in optimized assembler in glibc. Since the issue arises when running under QEMU, it suggests a problem with how the emulator handles certain instructions or operations related to these functions. + +Looking at the categories: +- Instruction: This would relate to faulty processor instructions. +- Syscall: Issues with system calls. +- Runtime: Other runtime errors not falling into the above two. + +The bug report doesn't specify issues with syscalls but points to problems with specific wide-string functions implemented in assembler. Since these are part of the runtime environment and involve assembly-level operations, it's more likely a runtime issue rather than a problem with instructions or system calls. The fact that the behavior isn't detected on real hardware implies it's an emulation-specific runtime error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1254672 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1254672 new file mode 100644 index 000000000..b18905546 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1254672 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to help classify this bug report related to QEMU. Let me read through it carefully. + +The user is running Ubuntu Precise AMD64 as the host and has set up a Debian Testing armhf guest using debootstrap with qemu-armhf-static. When they enter the chroot environment and run 'ps', it causes a segmentation fault. The error message mentions that the procps-ng version 3.3.4 caught the signal 11 (SEGV). + +The user suspects that the issue might be in QEMU rather than procps because they couldn't find an existing bug report for procps. They also mention that this isn't just a minor inconvenience; it affects package installations via apt-get, which is pretty critical. + +Now, looking at the possible categories: instruction, syscall, or runtime. + +- **Instruction**: This would be if there was an error in how something was done, like a faulty command or procedure. +- **Syscall**: If the issue were related to system calls going wrong when interacting with the kernel. +- **Runtime**: For issues that occur during execution but aren't necessarily due to instructions or syscalls. + +In this case, 'ps' is crashing inside the chroot. Since it's using qemu-armhf-static, which emulates an ARM environment on an x86_64 host, any issues here are likely related to how QEMU handles system calls or executes processes in the guest environment. The segmentation fault suggests a problem in memory access or instruction execution within the emulator. + +I think this falls under **runtime** because it's happening while running 'ps' inside the chroot, which is part of the runtime environment provided by QEMU. It's not a faulty user instruction but rather an issue during normal operation. +</think> + +The bug report describes a segmentation fault occurring when executing `ps` in a QEMU-emulated environment. This issue happens at runtime within the emulated guest system. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1254828 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1254828 new file mode 100644 index 000000000..5d50d8376 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1254828 @@ -0,0 +1,23 @@ +<think> +Okay, I'm looking at this bug report about a segmentation fault occurring during the second stage of debootstrap when setting up a sparc64 Debian Sid guest on an Ubuntu Precise amd64 host using qemu-sparc64-static. The user provided the terminal output showing that the chroot command leads to a segmentation fault, and even a simple "sudo chroot sparc64" exits silently on amd64 but reports a segfault on i386. + +First, I need to classify this bug into one of the categories: instruction, syscall, or runtime. The error is happening during the execution of debootstrap's second stage inside the chroot environment. The segmentation fault suggests that there's an issue with memory access—perhaps a null pointer dereference or invalid memory reference. + +Looking at the process: + +1. **Instruction category**: This would involve issues with specific instructions in the code causing problems. For example, if a particular assembly instruction was faulty and caused the crash. +2. **Syscall category**: This relates to errors when making system calls. If the guest environment is calling a syscall that isn't handled correctly by the host or emulator, it might cause a segfault. +3. **Runtime category**: This covers other runtime issues that aren't specific instructions or syscalls. For example, if there's an issue with how the code is handling memory or data structures during execution. + +In this case, the problem arises when executing commands inside the chroot environment emulated by QEMU. The segmentation fault occurs in debootstrap, which is trying to execute a script but can't open a file and then crashes. Since it's happening within the guest environment's process, it's more likely related to how the emulator handles system calls or processes rather than a specific instruction. + +However, considering that the issue occurs when running under qemu-sparc64-static, which is an emulator for sparc64 binaries on an amd64 host, it could be related to how the emulator translates syscalls from the guest architecture (sparc64) to the host's syscalls. If there's a mismatch or incorrect translation, this might lead to unexpected behavior, including segfaults. + +But wait, another angle: when running the chroot environment, it's supposed to use the qemu-sparc64-static as the interpreter for sparc64 binaries. However, if the setup isn't correctly emulating the necessary environment, commands run inside the chroot might not behave as expected. For instance, if certain system calls aren't being translated properly or if there's an issue with how the emulator interacts with the host's filesystem. + +The error message indicates that /usr/share/debootstrap/functions can't be opened, but that's a script-related issue. However, the immediate cause of the segmentation fault is likely due to how the emulator handles the execution of this script inside the chroot. If the emulation layer isn't correctly setting up the environment for scripts or if there's an incompatibility with how the shell (dash or bash) runs under emulation, that could lead to a segfault. + +So, putting it together: The issue is occurring at runtime when attempting to execute the script inside the emulated environment. It's not specifically due to a faulty instruction or a syscall error but rather an issue in how the emulator handles the execution of processes and scripts within the chrooted environment. This would fall under the **runtime** category because it's about how the code is executing, including process management and environment setup. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1255 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1255 new file mode 100644 index 000000000..ddba65ed9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1255 @@ -0,0 +1,23 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let's go through it step by step. + +The problem occurs when running systemctl under qemu-arm, and the error message is about memory allocation failure: "Allocating guest commpage: Cannot allocate memory." + +First, looking at the steps to reproduce: The user compiles qemu from the latest git with specific configurations, then runs systemctl inside qemu. The error happens in versions 5.1.0 and 6.1.0 but not in 5.0.0. They also mention that adding the -B option (which I think is for setting a base address) avoids the issue. + +The user thinks it's related to Issue 690, which I should probably look up if possible, but since I can't access external links, I'll assume it's a known memory allocation problem in qemu. + +Now, considering the categories: + +1. **Instruction**: This would involve issues with specific CPU instructions not being handled correctly by qemu. But the error here is about memory allocation, not instruction execution, so probably not this category. + +2. **Syscall**: Errors related to system calls made by the guest OS that qemu doesn't handle properly. The problem seems more like a resource allocation issue rather than a syscall handling problem. However, I'm not entirely sure yet. + +3. **Runtime**: This category covers other runtime errors not fitting into instruction or syscall issues. Since the error is about memory allocation during runtime (specifically when allocating the commpage), this might be the right category. + +The fact that changing the base address (-B option) fixes it suggests it's a memory management issue within qemu, possibly related to how it's handling virtual memory for the guest. It doesn't seem to be a system call failure but rather an internal allocation problem during runtime. + +So, putting it all together, this bug is likely a runtime error because it's about memory allocation failing while running the application under qemu. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1261743 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1261743 new file mode 100644 index 000000000..12183d8d4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1261743 @@ -0,0 +1,17 @@ +<think> +Alright, let's try to figure out how to classify this bug report. So, the issue is about QEMU and specifically relates to the trace backend "simple". The user mentioned that when the "disable" property is used in a trace-events record, the simple backend doesn't handle it properly. This leads to generating incorrect event IDs in the generated-tracers.c file, resulting in missing or mixed logs in the trace file. + +Hmm, first I need to understand what each category means here. The categories are instruction, syscall, and runtime. + +- **Instruction**: This would be about a specific command or operation that's faulty. Like if there was an incorrect assembly instruction causing issues. +- **Syscall**: This relates to system calls, which involve interactions between user space and kernel space. If the bug was due to a wrong system call or handling thereof, it'd fall here. +- **Runtime**: These are errors that happen during the execution of the program, not necessarily at compile time or during specific instructions. + +Looking back at the problem: The issue is with how the trace backend handles a property change (disable) in the trace events. This causes incorrect event IDs to be generated, leading to logs being messed up. + +So, the error occurs when certain conditions happen at runtime—specifically, when the disable property is set. It's not an issue during compilation or related to system calls. Instead, it's how the backend processes these events while running. + +Therefore, this seems like a runtime error because it happens dynamically as the program executes and affects how tracing logs are generated. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1263747 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1263747 new file mode 100644 index 000000000..e96eeb071 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1263747 @@ -0,0 +1,19 @@ +<think> +Alright, I'm trying to figure out why this binary runs fine on real hardware but not in QEMU. The user mentioned it's an aarch64 binary that prints "hello, world" and exits, which works on actual hardware but loops forever in QEMU using 100% CPU. + +First, the binary is statically linked, so it doesn't depend on external libraries. That probably means the issue isn't with shared libraries or system calls related to dynamic linking. It uses OCaml, which I'm not super familiar with, but I know it's a functional programming language that compiles to bytecode and then runs via an interpreter. + +The user provided steps to compile OCaml from source, noting that you have to compile it on aarch64 or in QEMU because cross-compilation isn't possible. They also mentioned applying a patch. Maybe the issue is related to how the OCaml runtime interacts with QEMU's emulation. + +When the binary runs under QEMU, it doesn't print anything and loops, which suggests some kind of infinite loop or hang. Since it uses 100% CPU, it's likely stuck in a loop without progressing. This could be due to a bug in how QEMU handles certain instructions or system calls related to OCaml's runtime. + +I'm thinking about possible categories: instruction, syscall, runtime. The problem might not be with a specific instruction because real hardware runs fine. It also doesn't seem like a syscall issue since the binary is static and probably doesn't rely heavily on syscalls beyond standard ones. So, maybe it's a runtime error in QEMU. + +Perhaps the OCaml runtime uses certain features or instructions that aren't properly handled by QEMU. Maybe there are some optimizations or specific instruction sequences that cause QEMU to misbehave. Since the user said applying a patch was necessary during compilation, perhaps the issue relates to how QEMU emulates the CPU or handles certain operations. + +Another angle: static linking might have different behaviors in emulation versus real hardware, but I'm not sure. The fact that it works on hardware suggests the binary is correct, so the problem must lie in the emulator's handling of something during runtime. + +So, putting this together, the issue seems to be a runtime error within QEMU when executing this specific binary. It's probably related to how the emulator handles certain operations or instructions used by the OCaml runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1267 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1267 new file mode 100644 index 000000000..0cbc31030 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1267 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm looking at this bug report about QEMU crashing when running binaries using qemu-i386. The user provided some details and backtraces from different versions of QEMU. Let me try to understand what's going on. + +First, they mentioned that any binary compiled with GOARCH=386 using TinyGo crashes with a segmentation fault. They tried both Go and TinyGo binaries, and the latter shows an internal Go error about mallocgc. That suggests something is wrong in the environment where the program runs because Go relies heavily on proper memory management. + +Looking at the backtraces, especially from QEMU 5.2.0, it seems that the issue arises during the translation of instructions. The backtrace points to functions like translator_loop and gen_intermediate_code, which are part of the TCG (Translation-Cache-Based Generator) in QEMU. Specifically, it's failing at cpu_ldub_code, which is a function for loading an unsigned byte from memory with address checking. + +In the 7.0.0 version backtrace, it's crashing in cpu_ldub_code as well, trying to load a byte but accessing an invalid address (0x8000), which is likely causing the segmentation fault. The older version's backtrace shows that it's failing at x86_ldub_code during disas_insn, indicating an issue with how instructions are being translated. + +Considering these points, it seems like the problem isn't with a specific system call or instruction handling but rather with how QEMU is translating and executing the code. The crash occurs in the runtime execution of the translated code, specifically when trying to access memory that's not properly set up or protected. + +The fact that other architectures (x86_64 and arm) work fine suggests that this is specific to the i386 target. It might be related to how QEMU handles user mode emulation for 32-bit x86, perhaps missing some setup or protection mechanism like VDSO (Virtual Dynamic Shared Object), which provides certain system calls in a virtualized environment. + +The user mentioned "qemu-i386 missing VDSO," which could mean that the i386 user-mode emulator isn't correctly setting up the necessary virtual shared objects, leading to incorrect memory accesses or missing required components for proper execution. Without VDSO, certain system calls might not be handled correctly, causing crashes. + +So, putting this together, the bug is related to how QEMU's i386 user-mode emulation handles runtime execution, possibly due to a missing setup of VDSO or incorrect memory management during translation. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1285363 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1285363 new file mode 100644 index 000000000..cfe170fdb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1285363 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm looking at this bug report about qemu-aarch64-static segfaulting. The user provided some context where using dh_fixperms and debootstrap --second-stage both cause core dumps. They mentioned that upstream versions have issues but a binary from SUSE's aarch64-1.6 branch works fine, hinting at the problem being fixed with sigprocmask wrapper patches in SUSE's tree. + +Looking at the backtrace provided, it starts with a memcpy call leading to a segmentation fault. The stack trace goes through functions related to target setup of sigframes and signals handling. It seems like an issue when setting up signal frames during emulation. + +The possible categories are instruction, syscall, or runtime errors. Since the crash is happening during runtime while processing signals, specifically in the signal handling code (signal.c), it's not about a faulty instruction being executed or a syscall error. Instead, it's related to how the emulator handles runtime events like signals and exception frames. + +So, this bug falls under 'runtime' because it's an error occurring during normal execution when handling signals. +</think> + +The issue occurs during runtime while processing signals, specifically in setting up signal frames. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1287195 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1287195 new file mode 100644 index 000000000..1ffff8873 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1287195 @@ -0,0 +1,7 @@ +<think> +Alright, I need to classify this bug report about QEMU into one of three categories: instruction, syscall, or runtime. The report says that validate_guest_space is incorrectly enabled on AArch64. + +Looking at the details, it mentions elfload.c and the ARM commpage. Since there's no commpage on AArch64, the function should be disabled. This seems to relate to how memory is managed during runtime rather than a specific instruction or syscall issue. So I think this falls under the runtime category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1294898 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1294898 new file mode 100644 index 000000000..632b8bf0b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1294898 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. The user provided some code snippets and described an issue they're having with the menu bar visibility in fullscreen mode when using GTK3. They mentioned that in GTK2, the menu bar was hidden during fullscreen, but in GTK3, it's still visible. + +The initial fix they tried was to hide the menu bar by calling `gtk_widget_hide(s->menu_bar);` instead of setting its size request to zero. However, this caused a problem because hiding the menu bar made all associated accelerators (like keyboard shortcuts) unavailable. This is an issue because users couldn't exit fullscreen mode using the shortcut anymore. + +To address this, they modified the code to install accelerators directly on the window so that the shortcuts remain available even when the menu bar is hidden. They also updated the menu item to display the accelerator keys correctly by setting them with `gtk_accel_label_set_accel()`, but noted that this function requires GTK 3.8 or higher. For older versions, there's no visual indication of the shortcuts, which might be a concern. + +Now, I need to classify this bug into one of three categories: instruction, syscall, or runtime. + +An "instruction" issue would involve incorrect documentation or user guidance. But in this case, it's about how the application behaves with GTK3 vs GTK2, so that doesn't fit. A "syscall" issue relates to system calls going wrong, which isn't mentioned here. So the remaining category is "runtime," which covers errors happening during program execution. + +The problem occurs when running QEMU in fullscreen mode under GTK3, where the menu bar remains visible and hiding it breaks keyboard shortcuts until they are re-implemented on the window. This is a runtime error because it affects how the application operates while running. Therefore, I think the appropriate category here is "runtime." +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1311614 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1311614 new file mode 100644 index 000000000..c79c6be62 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1311614 @@ -0,0 +1,15 @@ +<think> +Alright, I'm trying to help classify this bug where qemu-arm segfaults when using GCC 4.9.0 in an ARM chroot environment. Let's break down what's happening here. + +First, the user has set up an ARM chroot using qemu-arm for emulation. Everything worked fine with GCC 4.8.3, but after upgrading to GCC 4.9.0, commands like rpm and rpmbuild cause a segmentation fault in qemu. They've tried rebuilding qemu from various sources, but the issue persists. + +The bug report mentions that the segfault started occurring only after the GCC upgrade. This suggests that the problem might be related to how GCC 4.9.0 compiles certain binaries or interacts with the environment. The fact that downgrading GCC fixes the issue further points towards a compatibility problem between qemu and the new GCC version. + +Since the issue is happening during runtime when executing these commands, it's likely not an instruction-level bug but something related to how the system calls are being handled or how the binaries are compiled. However, considering that rebuilding qemu with the newer GCC didn't resolve the issue, it might indicate a deeper problem in how qemu handles certain execution paths introduced by the new compiler. + +Looking at the possible categories: instruction, syscall, runtime. Since the issue isn't about incorrect instructions or specific syscalls failing but rather a general runtime crash when executing programs compiled with GCC 4.9.0, I'm leaning towards it being a runtime error. It's not clear if it's specifically a syscall error because the report doesn't pinpoint which syscall fails; instead, it's a segfault in qemu itself. + +Therefore, the most appropriate category here is likely "runtime," as it's an issue that arises during the execution of programs within the emulator. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1346769 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1346769 new file mode 100644 index 000000000..4abde3230 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1346769 @@ -0,0 +1,13 @@ +<think> +Alright, let me try to work through this problem step by step. So, the issue is that when running 32-bit binaries with Address Sanitizer (Asan) under a 64-bit QEMU environment, there's a bug occurring. The user provided some output from running their test program which shows an error in Asan during initialization because it can't find stack boundaries. + +Looking at the provided code snippet, I see that in `linux-user/syscall.c`, specifically in the function `open_self_maps()`, there's conditional compilation for certain targets (like ARM, M68K, UNICORE32). For these targets, the code writes a line to `/proc/self/maps` indicating the stack boundaries. However, for other architectures, like x86_64 or i386, this isn't happening. + +The problem arises because Asan relies on certain entries in `/proc/self/maps` to determine stack boundaries during initialization. If these entries are missing, Asan can't correctly identify where the stack is, leading to errors such as the one seen here. + +So, why is QEMU not including the stack mapping for all architectures? It seems that only specific targets have this code enabled, possibly due to historical reasons or because other architectures were overlooked when implementing this feature. For 32-bit x86 guests running under a 64-bit QEMU, this omission causes issues with tools like Asan. + +The bug is essentially about QEMU not providing the necessary stack information in `/proc/self/maps` for all target architectures, which leads to runtime errors in programs that depend on this information. Therefore, it's a runtime issue because it affects the execution of user-space applications and not just instruction-level issues or system calls themselves. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1346784 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1346784 new file mode 100644 index 000000000..146e90d33 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1346784 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to figure out what category this QEMU bug falls into. The issue is that internal memory areas of QEMU are visible to the guest when it reads /proc/self/maps. That means the guest can see parts of QEMU's memory which shouldn't be exposed. + +Looking at the provided information, the user ran a test program with ASan and used QEMU's -R option because the binary couldn't run otherwise. The memory map shows both valid and invalid regions marked. The problem is that some areas marked as valid (like QEMU's own heap) are being reported to the guest. + +The category options are instruction, syscall, or runtime. Instruction issues involve faulty CPU instructions. Syscall problems relate to system calls not working correctly. Runtime errors are other issues during execution. + +This seems like a runtime issue because it's about how memory is managed and exposed during QEMU's operation. The problem isn't in an instruction or a specific system call but in the runtime environment where internal memory areas leak into the guest process's view. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1357206 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1357206 new file mode 100644 index 000000000..e2d359f7e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1357206 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report about QEMU crashing when running multi-threaded code in user mode. The user provided a test program that creates two threads and runs into segmentation faults under both qemu-i386 and qemu-aarch64. + +First, I'll look at the possible categories: instruction, syscall, runtime. + +The issue isn't about a specific instruction being faulty because the crash happens when running multithreaded code, which involves more than just executing instructions. It's also not directly related to syscalls unless the threading calls are problematic, but pthread is more of a library function. + +Since it's happening during runtime and involves how threads are managed in user mode emulation, this points towards a runtime error. The problem likely relates to how QEMU handles thread creation or synchronization under the hood when emulating the environment. + +So, the category should be 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1357226 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1357226 new file mode 100644 index 000000000..10badb4b4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1357226 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to classify this bug report that's part of QEMU. The user provided steps where they're using pbuilder to create and login into an armhf environment, then installing ImageMagick, running 'convert', which leads to a segmentation fault in QEMU. + +First, I need to understand what each category means. + +- **Instruction**: This would be if there's something wrong with the instructions given to users, like incorrect commands or steps. +- **Syscall**: This relates to errors when interacting with system calls, maybe an issue with how QEMU handles certain syscalls on armhf. +- **Runtime**: These are other runtime errors not covered by the above, such as crashes during execution. + +Looking at the bug report, it's about a segmentation fault happening in QEMU when running 'convert' through pbuilder. Since the crash occurs during the execution of a program within the QEMU environment, it seems like an issue that arises while running code on the target system. The problem isn't with instructions given to the user but rather how QEMU handles the process. + +I'm leaning towards this being a runtime error because it's about the behavior during program execution. It doesn't seem to be about system calls specifically or incorrect instructions from the user. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1361 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1361 new file mode 100644 index 000000000..3a2939cb8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1361 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. The issue is about running a PowerPC64 little-endian Linux build under QEMU's user emulation with 64KiB pages, and it started failing when moving from Ubuntu Focal (which had QEMU v4.2) to Jammy (with QEMU v6.2). The problem seems to be that the test is getting a SIGSEGV with SEGV_MAPERR at an address that was supposed to be mapped by an mmap call. + +Looking at the details, the user provided a backtrace showing where the signal occurs and some syscalls leading up to it. They also mentioned that bisecting points to a specific commit in QEMU, but they think that's just exposing an underlying bug rather than being the root cause. + +I need to determine if this is classified under 'instruction', 'syscall', or 'runtime'. + +First, 'instruction' would involve issues with how instructions are executed. If QEMU misinterpreted a PowerPC64 instruction leading to incorrect memory access, that could be it. But the bug report doesn't mention any specific instruction causing problems; instead, it's about segmentation faults after mmap calls. + +Next, 'syscall' relates to errors when handling system calls. The user shows that an mmap call was successful but then a subsequent access leads to SIGSEGV. Maybe QEMU is mishandling the mmap or the mapping of memory pages in 64KiB chunks, which could be a syscall issue. + +Then there's 'runtime', which covers other runtime errors not directly tied to instructions or syscalls. If the problem is due to how QEMU manages memory mappings or page tables during emulation, that would fall under runtime issues. + +Considering that the error occurs after an mmap and accessing the mapped area results in SIGSEGV, it suggests a problem with how the pages are managed in QEMU's user-mode emulation. This could be related to how 64KiB pages are handled compared to smaller pages. Maybe there's a bug in how QEMU translates or manages these larger pages when emulating the PowerPC architecture under Linux. + +So, is this an issue with how system calls like mmap are being translated (syscall) or more about the memory management and page handling at runtime? It seems more likely related to runtime because it involves the state of memory after a syscall. The fact that the address was mapped but then access fails suggests an error in maintaining the correct mappings, which would be part of the runtime environment setup by QEMU. + +Therefore, I think this should fall under 'runtime' errors. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1361912 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1361912 new file mode 100644 index 000000000..30dacbc66 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1361912 @@ -0,0 +1,11 @@ +<think> +Alright, let's tackle this problem step by step. The user is encountering a segmentation fault when running qemu-mips64 on their MIPS64 executable. First, I need to understand what a segmentation fault is—it typically happens when a program tries to access memory that it shouldn't, like accessing a null pointer or invalid memory address. + +The error message mentions "qemu: uncaught target signal 11 (Segmentation fault) - core dumped." This suggests that the issue is occurring within the guest environment being emulated by QEMU. So, it's not necessarily a bug in QEMU itself but something happening in the code being run under emulation. + +Possible categories for this bug are instruction, syscall, or runtime. Since the segmentation fault is a runtime error, it falls under 'runtime.' This category includes issues that happen during execution rather than problems with specific instructions or system calls. + +To help the user further, I might ask if they can provide more details about their executable or steps to reproduce the issue. Additionally, checking for any modifications in their QEMU setup or the target binary could be useful. If possible, running the same executable on real MIPS64 hardware or using a debugger within QEMU (like gdb) might shed light on where exactly the segmentation fault occurs. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1362635 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1362635 new file mode 100644 index 000000000..0af991c55 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1362635 @@ -0,0 +1,11 @@ +<think> +Okay, I'm trying to figure out what kind of bug this is based on the information provided. Let's see. The user mentioned that when calling `bdrv_read` in a loop, there's a possibility of re-entering a coroutine recursively, which causes QEMU to fail with an error message about a co-routine being re-entered recursively. + +Looking at the code snippets, I see that `bdrv_co_io_em_complete` is a function that gets called when an AIO operation completes. It uses `qemu_coroutine_enter` to resume the coroutine. The other function, `bdrv_co_io_em`, is a coroutine itself and yields after initiating the AIO request. + +The problem arises because if `bdrv_co_io_em_complete` is called before `qemu_coroutine_yield` in `bdrv_co_io_em`, it might cause the coroutine to be re-entered while still running, leading to a recursion issue. That seems like an error that happens during runtime since it's about how coroutines are being managed and entered. + +So, I think this is a runtime error because it's related to the execution flow of coroutines, not something like a compiler instruction or a system call failure. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1368 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1368 new file mode 100644 index 000000000..ceac1ba5c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1368 @@ -0,0 +1,23 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report related to QEMU. Let's break down what's happening step by step. + +First, looking at the problem description, the user is experiencing an unexpected value in the RAX register after executing two specific instructions: "mov -0x8(%rbp), %rax" and "movq 0xb8000, (%rax)". They expected RAX to be 0x7fedf but it's actually 0x7fefe, which is one less. + +They provided several steps in the process: + +1. The first instruction moves a value from memory (-0x8(%rbp)) into RAX. According to their GDB output, this memory address contains 0x000000000007fedf. So after executing this instruction, RAX should be 0x7fedf. + +2. They then execute "movq $0xb8000, (%rax)", which writes the value 0xb8000 into the memory location pointed to by RAX. + +However, they noticed that after this second instruction, RAX changes from 0x7fedf to 0x7fede. That's a decrease of one, which is unexpected. + +Then, they observed something odd: when checking the next instruction in GDB, the address changed from 0x2206 to 0x2207, and the instruction itself changed from "movq" to "movl". This suggests that perhaps there was a misfetch or an issue with how the instructions were being read. + +In step 5, they noticed that after executing "movl $0xb8000, (%rax)", RAX becomes 0x7fede. The change from movq to movl might indicate an instruction length mismatch—movq is a 64-bit move, while movl is 32-bit. If the processor misaligns or misfetches instructions, it could lead to incorrect behavior. + +Considering QEMU's role here, this seems like an issue with how the emulator handles certain instructions or memory accesses. The unexpected change in RAX suggests either a bug in the instruction decoding or execution within QEMU, possibly related to handling of 32-bit vs. 64-bit operations or instruction alignment. + +Since the problem occurs during runtime and involves incorrect behavior of registers after specific instructions, it's likely an issue with how the emulator is executing the code rather than a problem with system calls or faulty hardware. Therefore, this bug report falls under the "runtime" category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1388 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1388 new file mode 100644 index 000000000..275eca1c4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1388 @@ -0,0 +1,31 @@ +<think> +Alright, let's see what this user is asking about. They're talking about QEMU 7.2.0 and mention that the Windows installers for x86 and x64 aren't available on certain repository links. The latest version there is only RC4 from December 8th, 2022. + +Hmm, so they're pointing out a missing component in the file repository. It doesn't seem like it's an issue with how QEMU runs or interacts with system calls; rather, it's about the availability of specific installers for Windows platforms. + +I need to categorize this bug report. The options are instruction, syscall, or runtime issues. Since the problem is about missing files in a repository and not related to code execution errors, syscalls, or runtime behavior, it doesn't fit into those categories. + +Wait, maybe I should consider if there's another category that fits better. If the issue is about the packaging or distribution of QEMU, perhaps that's a separate category. But since the options given don't include packaging or distribution issues, and looking back at the possible categories provided: instruction, syscall, runtime... None of these seem to match directly. + +So, perhaps this doesn't fall into any of those specific categories, but if I have to choose the closest one based on the given options, maybe 'runtime' isn't accurate either. It's more about missing installers than a runtime error. + +Wait, the user is reporting that the final version 7.2.0 isn't available as an installer. So it's not a bug in QEMU itself but rather an issue with the distribution of its binaries. Since the provided categories don't include packaging or distribution, I might have to reconsider if any of the given options fit. + +Alternatively, maybe 'instruction' is about documentation or installation steps, which could be relevant here since the installers are missing. But I'm not sure if that's exactly what 'instruction' refers to in this context. + +Hmm, perhaps it doesn't neatly fit into any of these categories, but among the given options, none seem appropriate. So maybe the classification isn't applicable or there's a different way to categorize it. However, since the user is asking for one of these three, I might have to choose 'runtime' as the closest, even though it doesn't perfectly fit. + +Wait no, perhaps this is more about missing resources rather than runtime errors. Maybe none of the categories apply here, but if forced to pick from instruction, syscall, runtime, I'm not sure which one would be appropriate. Perhaps the user intended to report a packaging issue, which isn't listed, so maybe it doesn't fit any given category. + +But looking back at the initial problem, it's about files missing in the repository, so perhaps 'runtime' is still not fitting. Maybe this isn't classified under those categories and should be handled differently. However, since I have to choose one of the three, perhaps none are accurate, but if I must pick, maybe 'instruction' because it's about how users get QEMU installed. + +Wait, no, that might not make sense either. Perhaps the issue is more about availability than instructions. So maybe the correct classification isn't among the given options, but since I have to choose from instruction, syscall, runtime, perhaps this bug report doesn't fit into any of them and should be considered as a separate category or unclassified. + +Alternatively, maybe it's better to consider that the problem is not a bug in QEMU itself but rather an issue with the repository maintenance. Therefore, perhaps it shouldn't be classified under any of these categories as they relate more to software functionality than distribution issues. + +But since I have to choose one word from the given options, and none seem directly applicable, maybe 'runtime' is the least incorrect choice, though it's not perfect. +</think> + +The problem described is about missing installers in a repository, which doesn't fit into instruction, syscall, or runtime categories. However, based on the given options, none are perfectly accurate. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1397 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1397 new file mode 100644 index 000000000..c92101f36 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1397 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU and RISC-V. The issue is that when using break or hbreak commands, the breakpoints aren't set at the correct addresses when symbols are provided. + +First, let me think about what each command does. In GDB, 'break' sets a breakpoint at a specified location, usually by function name or address. 'hbreak' is similar but uses hardware-assisted breakpoints. Both should ideally stop execution at the intended point. + +The problem here is that when symbols are provided, the breakpoints aren't landing where they should. Symbols in debugging refer to named addresses like functions or variables. So if the breakpoint isn't set correctly based on a symbol, it's an issue with how QEMU handles these symbols during debugging. + +I'm considering possible categories: instruction, syscall, runtime. + +- Instruction issues would involve incorrect handling of CPU instructions. +- Syscall errors are about system calls not working as expected. +- Runtime issues are more general problems that occur while the program is running. + +This bug doesn't seem to be directly related to a specific instruction or a syscall. It's more about how breakpoints, which are part of the debugging process, are being handled. Since breakpoints involve setting addresses during runtime and symbols might not resolve correctly at that time, it's likely a runtime issue. + +So, I think this falls under 'runtime' because it's an error occurring while QEMU is running, specifically in handling breakpoints with symbols. +</think> + +The bug report involves issues with breakpoints not being set correctly when using symbols, which relates to how the debugger handles addresses during runtime. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/140 b/results/classifier/deepseek-r1:32b/reasoning/runtime/140 new file mode 100644 index 000000000..758dcd948 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/140 @@ -0,0 +1,11 @@ +<think> +Alright, I need to classify this bug report about QEMU into one of three categories: instruction, syscall, or runtime. The bug mentions that the clone() function can't handle glibc's posix_spawn(), leading to an issue in locale-gen where it asserts. + +First, I recall that clone() is a system call used for creating new processes. Posix_spawn() is another glibc function that also deals with process spawning but uses fork or clone under the hood depending on the system. The problem here is that when using clone(), something goes wrong when posix_spawn() is called, causing locale-gen to assert. + +Since the issue revolves around how these functions interact during runtime—specifically, a problem with process creation and handling—I think it's related to how the code behaves while executing. It doesn't seem to be about a specific instruction being faulty or a direct system call error but rather an unexpected behavior at runtime due to these function calls. + +So, I'm leaning towards this being a runtime issue because it's about the program's behavior during execution when certain functions are called. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1412 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1412 new file mode 100644 index 000000000..694876e07 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1412 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU crashing when executing certain SVE instructions. The user has provided some context and wants me to categorize it under one of three options: instruction, syscall, or runtime. + +First, let's break down the problem. After upgrading to QEMU v7.2.0 from 7.1.0, executing any SVE ldff1* instructions with a faulting address causes a crash due to a null pointer dereference in sve_probe_page at line 5364 of target/arm/sve_helper.c. + +The user points out that this issue was introduced by a specific commit (b8967ddf393aaf35fdbc07b4cb538a40f8b6fe37) by @rth7680. In this commit, the variable `full` is dereferenced before checking if `flags & TLB_INVALID_MASK`. The `probe_access_full` function sets `full` to null when encountering an invalid TLB entry. + +So, in terms of the categories: + +1. **Instruction**: This would relate to issues with specific CPU instructions or their handling. +2. **Syscall**: Issues related to system calls, which don't seem to be mentioned here. +3. **Runtime**: Errors that occur during runtime, such as crashes due to null pointers. + +The problem is occurring during the execution of SVE ldff1* instructions, which are specific ARM Scalable Vector Extension instructions. The crash happens because `full` is dereferenced before checking if it's valid, leading to a null pointer exception. This suggests that the bug is in how QEMU handles these instructions at runtime. + +While the issue arises during instruction execution, the root cause is more about how memory access is handled, which falls under runtime errors rather than an issue with the instruction itself or a syscall. Therefore, it's better categorized as a runtime error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1429313 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1429313 new file mode 100644 index 000000000..7c4adf945 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1429313 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me read through the problem description again carefully. + +The issue is about QEMU not blocking target signals when entering a signal handler. The function process_pending_signals in signal.c blocks host signals but doesn't handle queued QEMU signals properly. This leads to recursion if multiple signals come quickly, causing an abort and core dump. + +So, what's happening here? It seems like the problem occurs during runtime because it's about how QEMU handles signals as they're being processed by the target application. The issue isn't related to a specific instruction or a syscall but rather the handling of signals at runtime. + +Therefore, this bug falls under the "runtime" category. +</think> + +The bug report describes an issue with signal handling during execution, which is a runtime problem. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1435 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1435 new file mode 100644 index 000000000..c962b4270 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1435 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. The problem occurs during code generation for TCG (Translation Core Graphics), specifically when dealing with 32-bit hosts that don't have certain multiplication operations defined. + +The user describes an infinite recursion between `tcg_gen_mulu2_i32` and `tcg_gen_mul_i64`. When `tcg_gen_mulu2_i32` is called, it ends up invoking `tcg_gen_mul_i64`, which on a 32-bit host without specific multiplication helpers, calls back to `tcg_gen_mulu2_i32` again. This creates an infinite loop. + +Looking at the code flow, this issue arises during translation and generation of machine code by TCG, not during actual execution of the guest code. However, since the problem leads to assertion failures due to buffer overflows and block size reduction, it affects runtime behavior because QEMU's ability to translate code blocks is compromised. + +While the immediate cause is a missing code path in TCG, the symptom manifests as an error at runtime when translation fails. Therefore, the bug impacts the system during its normal operation rather than being a compile-time or instruction-level issue. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1478 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1478 new file mode 100644 index 000000000..2adca03a3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1478 @@ -0,0 +1,25 @@ +<think> +Okay, so I'm trying to figure out how to classify this QEMU bug report. The user provided a lot of information, including logs and steps to reproduce the issue. Let me go through it step by step. + +First, the problem is that when using QEMU 7.2.0 with a specific toolchain (x86-core2), the system crashes during boot. The same setup works fine with QEMU 7.1.0. They also tested this against the current master branch of QEMU and encountered the same issue. + +Looking at the logs, there are several lines indicating general protection faults in libc.so.6. For example: +- traps: syslogd[52] general protection fault ip:b7e21465 sp:bfe59e6c error:0 in libc.so.6[b7d9b000+123000] +- Similarly for klogd, logger, and init processes. + +These errors suggest that something is going wrong with the system calls or memory accesses within the C library, which is a critical part of the system. + +The kernel panic message says "Attempted to kill init! exitcode=0x0000000b", which means the init process crashed. This usually happens when a crucial system service fails during boot. + +The user performed a git bisect and found that the problematic commit is 958e1dd1300f37f18b2161dfb4eb806fc8c19b44. I don't have the exact details of what changed in that commit, but it's likely related to how QEMU handles certain instructions or system calls. + +In terms of classification, the bug report mentions issues with processes crashing due to general protection faults, which are related to accessing invalid memory addresses. Since these errors occur during runtime when running userland applications (like init, syslogd), and the issue is reproducible with specific toolchains and QEMU versions, it points towards a runtime error rather than an instruction or syscall issue. + +Wait, but could it be a system call problem? The GPFs are occurring in libc, which makes me think it's more about how userland processes interact with the kernel. Maybe the way QEMU is emulating certain instructions or handling memory isn't compatible with this toolchain's setup. + +Alternatively, if the issue is due to an incorrect instruction being executed by QEMU, that would fall under the 'instruction' category. But given that it's happening in libc during runtime and not during compilation or specific syscalls, I'm leaning towards a runtime error. + +So, considering all these factors, the bug is likely classified as a runtime issue. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1495 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1495 new file mode 100644 index 000000000..82a72f987 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1495 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU. The problem is that on macOS, specifically ARM architecture, when running make check-unit after adding the socat dependency, it fails. Let me break down what's happening. + +First, the user installed socat and then ran make check-unit. This caused a failure in the test-io-channel-command. I'm not entirely sure what this test does exactly, but given that it's related to IO channels, it might involve some system calls or inter-process communication. + +The possible categories are instruction, syscall, or runtime. Instruction issues would be about incorrect code execution, like a wrong operation causing problems. Syscall errors relate to how the OS handles system calls, perhaps permissions or resource issues. Runtime errors are broader, encompassing other issues that occur while the program is running but aren't tied to specific instructions or syscalls. + +In this case, adding socat triggered the failure. Socat is a utility for redirecting data between files and network connections, so maybe it's causing some unexpected behavior in how QEMU interacts with system resources. The test failing on macOS suggests that there might be something related to how the OS handles certain operations, perhaps specific to ARM or the way socat interacts with file descriptors. + +Since the failure is during a unit test involving IO channels and after adding a new dependency (socat), it's possible that the issue isn't with an instruction per se but rather with how the system calls are being handled. Maybe the test expects certain behaviors from socat that aren't compatible on macOS ARM, or perhaps there's an issue with file descriptors or socket communication. + +Alternatively, it could be a runtime error if the problem arises due to environment-specific issues, like resource limits or compatibility problems with the version of socat installed. However, since the test is about IO channels and commands, which likely involve system calls for IPC, I think the category is more aligned with syscall errors because it's interacting with OS-level resources. + +But wait, maybe it's a runtime error if it's an issue that occurs during execution but isn't directly tied to a specific system call failing. It could be related to how QEMU manages its processes or handles certain conditions when using socat on macOS. However, the fact that it's a test specifically for IO channels and commands makes me think it's more about the interactions between different components, possibly through syscalls. + +I'm leaning towards 'runtime' because it might involve issues during execution not directly linked to a specific system call failing but rather how the program behaves in certain runtime conditions. Alternatively, if the issue is that a particular system call isn't working as expected on macOS with socat, then it would be a 'syscall' error. + +But given that the problem arises after adding a new dependency and during unit testing, which often checks for proper function behavior rather than low-level syscall issues, I think it's more likely a runtime issue. The test might fail because of how socat is interacting with QEMU in this specific environment, leading to unexpected behavior at runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1519037 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1519037 new file mode 100644 index 000000000..c0e2dbd51 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1519037 @@ -0,0 +1,23 @@ +<think> +Okay, so I'm trying to figure out this segfault issue when running 32-bit binaries using qemu-i386 on Linux. The user mentioned that it works fine without debugging tools but crashes when run normally. Hmm, interesting. + +First, I remember that segfaults usually happen due to invalid memory accesses. But why would it work in gdb or strace? Maybe those tools are changing the environment somehow, like adding breakpoints or altering memory mappings which prevent the crash from happening. + +The user is using qemu-i386 from Git, so maybe there's a bug in that specific version of QEMU. Since qemu-x86_64 works fine, it suggests that the problem isn't with the binary itself but specifically how QEMU handles 32-bit emulation on their system. + +I should consider possible causes like incorrect segmentation or TLB (Translation Lookaside Buffer) issues, which are more relevant in 32-bit environments. Maybe QEMU is mishandling certain CPU modes or virtual memory when running 32-bit code. + +Another angle could be environment variables or the way QEMU sets up the emulated environment for 32-bit vs. 64-bit processes. Perhaps something like missing libraries, incorrect PATH settings, or differences in how signals are handled. + +Since the issue disappears under debugging tools, it might relate to timing or concurrency issues that aren't present when running with a debugger attached. Or maybe gdb and strace modify the process's execution flow enough to avoid triggering the bug. + +To pinpoint this, I can try comparing the environment variables and process details when run normally versus under debuggers. Also, checking if there are any specific system calls or instructions in the binary that might interact differently with QEMU's 32-bit emulation. + +Looking into QEMU's logs for both cases (with and without debugger) could shed light on what differs. Maybe there's an error or warning when running the 32-bit binary normally that isn't present otherwise. + +I should also consider if it's a known issue in the version of QEMU they're using, so checking the QEMU bug tracker might help. Additionally, trying to run with different logging levels or specific debug options could reveal more about where exactly the segfault occurs. + +In terms of categories, since this is happening at runtime when executing the binary under qemu-i386, and it's not a problem with an instruction per se but rather how QEMU handles execution or environment setup, I think it falls under 'runtime'. It's an error that happens during the normal operation of the program in the emulated environment. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1527765 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1527765 new file mode 100644 index 000000000..4101306dd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1527765 @@ -0,0 +1,20 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report as either an "instruction," "syscall," or "runtime" issue related to QEMU. Let me go through the information provided step by step. + +The user is having trouble with GHC (a Haskell compiler) segfaulting when run under QEMU's sh4-static emulator. They've tried compiling a simple Haskell program, and sometimes it works after several attempts. The error messages show that QEMU is throwing a segmentation fault, which is a type of runtime error. + +Looking at the logs, there are mentions of locale warnings, but those seem unrelated to the core issue. The main problem is the segfault during compilation. When they run GHC repeatedly, sometimes it succeeds, which suggests that the issue isn't consistent and might be environment-related. + +The user provided a tarball with their setup and mentioned applying certain patches to QEMU for syscalls. However, the problem persists even after these fixes. They've also tried different versions of libc without success. + +Now, considering the categories: +- "Instruction" would involve issues with specific CPU instructions that QEMU handles incorrectly. +- "Syscall" relates to problems when handling system calls within the emulated environment. +- "Runtime" covers other runtime errors not related to instructions or syscalls, such as memory management issues. + +The bug report doesn't specify a particular instruction causing the problem, nor does it point directly to a syscall issue despite mentioning patches. The segfault during compilation is more about how the program runs under QEMU rather than specific instruction execution or system calls. Therefore, this seems like a runtime error because it's about the overall behavior and stability of the emulation when running GHC. + +So, I think the appropriate category here is "runtime." +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1528 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1528 new file mode 100644 index 000000000..219c3ea74 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1528 @@ -0,0 +1,13 @@ +<think> +Okay, I'm looking at this bug report where someone is trying to run a cross-compiled hello world program on a POWER9 server using QEMU. The error they're getting is from user-exec.c line 492: "page_set_flags: Assertion `start < end' failed." + +First, I need to understand what's causing this assertion failure. The message suggests that the start address isn't less than the end address when setting page flags. That doesn't sound like a faulty instruction because it's more about how memory is being managed rather than an incorrect opcode. + +Next, considering whether it's a syscall issue. The error occurs in user-exec.c, which relates to how QEMU handles syscalls for user-mode emulation. If the assertion is failing during page setup, maybe there's an issue with how memory regions are defined or how syscalls are being handled when mapping these regions. However, the error isn't directly pointing to a syscall failure but rather an internal check in QEMU. + +Since it's happening at runtime when running the hello world app, and given that the error is about page flags during execution, this seems like a runtime issue. It might be related to how QEMU initializes or manages memory pages for the emulated environment, possibly due to incorrect parameters being passed when setting up the memory regions. + +So, putting it all together, the bug isn't directly about an instruction or a syscall but rather how QEMU handles memory during runtime execution. Therefore, it falls under the runtime category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1528239 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1528239 new file mode 100644 index 000000000..72746428c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1528239 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out what category this bug falls into. The user provided a bug report about debugging PIE binaries using QEMU's gdb stub. Let me break it down step by step. + +First, the setup: They compiled a simple C program with -fPIC and -pie flags, which makes it a Position-Independent Executable. Then they tried running it under QEMU's x86_64 user mode emulator with the -g option to attach gdb via port 1234. When they set a breakpoint on main in gdb, it failed because it couldn't access memory at address 0x775. + +Looking at the categories given: instruction, syscall, runtime. I need to determine which one fits best here. + +The issue arises during debugging when trying to set a breakpoint. The problem isn't necessarily with executing an instruction incorrectly or making a syscall, but rather that QEMU's gdb stub is having trouble accessing memory where the breakpoint should be set. This suggests it's related to how QEMU handles memory access for debugged processes, which might involve runtime environment setup. + +So, since it's about the debugger not being able to set breakpoints correctly in a PIE binary when running under QEMU, this seems like a runtime error rather than an instruction or syscall issue. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1531 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1531 new file mode 100644 index 000000000..a9d5c3a91 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1531 @@ -0,0 +1,19 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue is about MIPSr6+MSA emulation being broken in QEMU versions 6.2.0 and 7.0.0 on Ubuntu 22.04 LTS. The user provided steps to reproduce where multiple tests are failing when running a binary using QEMU's linux-user mode. They also mentioned that the cross-compiler comes with its own QEMU version which can interfere if added to PATH, but the problem persists in specific system QEMU versions. + +Looking at the possible categories: + +1. **Instruction**: This would relate to issues with how instructions are handled by the emulator. Since MSA (MultiMedia Supplements Accelerator) is an extension for MIPS that adds SIMD operations, any issue here could be related to instruction handling if the emulator isn't correctly executing MSA instructions. + +2. **Syscall**: If the problem was due to system calls not being handled properly, it would fall under this category. However, the user's steps don't mention any specific syscalls failing; rather, they're running a test suite that likely involves SIMD operations which are part of MSA. + +3. **Runtime**: This is more general and refers to errors that occur during execution. Since the issue affects multiple tests (8,11, etc.), it seems like it's not isolated to a single instruction or syscall but rather a broader runtime problem with the emulation of MIPSr6+MSA features in QEMU. + +Given that MSA is an ISA extension and the tests are failing across various points, it suggests that there's a flaw in how QEMU emulates these instructions or perhaps handles the state required for MSA operations. Since multiple tests fail, it's likely not a single instruction issue but a runtime problem with handling the MSA extensions. + +Therefore, I think this falls under the **runtime** category because it's an emulation error that occurs during the execution of code relying on MSA instructions. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1533141 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1533141 new file mode 100644 index 000000000..27c187f95 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1533141 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU. Let me start by understanding what's being reported here. + +The user provided two issues found in the file `invalset.h`. Both are style-related and involve potential array index checks before usage. The first issue is at line 442, where the variable 'low' is used as an index without checking its bounds beforehand. Similarly, at line 450, 'middle' is used without a prior check. + +Hmm, the user also mentions that binary search is a standard C library routine and suggests using it instead. So perhaps these are instances of reinventing the wheel with a less efficient or more error-prone implementation. + +Now, considering the categories given: instruction, syscall, runtime. The bug doesn't seem to be about an incorrect instruction being generated (so not instruction). It's also not related to system calls directly, so probably not syscall. + +That leaves runtime errors. These issues could lead to accessing invalid array indices, which would cause runtime problems like crashes or undefined behavior. So the problem here is with the runtime execution of QEMU when dealing with these array accesses. + +I think the classification should be 'runtime' because it's about potential runtime errors due to incorrect index checks. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1541 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1541 new file mode 100644 index 000000000..e257d899b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1541 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm looking at this bug report about QEMU and Clang 15 having an issue with G_NORETURN. The problem occurs when building for MIPSEL or using a minimal example provided. + +The error message says that there's an attribute list appearing where it shouldn't. The code in question is using `extern G_NORETURN` before the function declaration. The user suggests swapping `extern` and `G_NORETURN` to fix it. + +Hmm, I remember that in C++, certain attributes like `[[noreturn]]` can be applied to functions. But the placement of these attributes relative to other specifiers matters. In Clang 15, maybe they changed how they handle attribute placements or their order with other keywords. + +Looking at the code snippet, when the user writes `extern G_NORETURN void qemu_build_not_reached_always(void);`, it's possible that Clang is interpreting this as an invalid position for the attribute. So, moving `G_NORETURN` after `extern` might resolve the syntax issue because the compiler expects certain keywords in a specific order. + +I think the key here is understanding the correct placement of function attributes and specifiers in C++. According to the standard, attributes can appear before or after other specifiers, but maybe Clang 15 has stricter enforcement. Alternatively, perhaps `G_NORETURN` being a macro that expands to `[[noreturn]]` isn't compatible when placed before `extern`. + +So, this seems like a compiler-specific issue where the order of keywords matters for parsing. The user's fix suggests that placing `extern` first and then the attribute works around the problem in Clang 15. + +This bug is more about how the code interacts with the compiler during compilation rather than runtime behavior or system calls. It doesn't involve instructions execution or syscalls; it's a compile-time error due to syntax placement. +</think> + +The issue arises from incorrect ordering of function specifiers and attributes in the source code when using Clang 15, leading to a compile-time error. Fixing the order resolves the problem. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1550503 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1550503 new file mode 100644 index 000000000..2106fdf1b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1550503 @@ -0,0 +1,24 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU. The problem seems to be in the helper.c file at line 5493. The error message says that an expression is always true, which suggests there's a logical issue here. + +Looking at the code snippet provided: + +(env->uncached_cpsr & CPSR_M) != CPSR_USER && + +And from cpu.h: + +#define CPSR_M (0x1fU) +#define CPSR_USER (CPSR_NZCV | CPSR_Q | CPSR_GE) + +So, CPSR_M is 0x1f, which is a mask for the lower 5 bits of the CPSR register. The line in helper.c is checking if the current mode (as determined by CPSR_M) is not equal to CPSR_USER. + +Wait, but CPSR_USER is defined as a combination of other flags: NZCV, Q, and GE. These are all status flags, not modes. So maybe there's a confusion here between mode bits and status bits. + +The issue arises because the code is using CPSR_USER in a comparison that should be checking the mode. Since CPSR_M only checks the lower 5 bits (the mode), comparing it to CPSR_USER (which has higher bits set) will always result in true, because CPSR_USER has more than just the lower 5 bits set. + +This kind of mistake would cause unintended behavior during runtime, as the condition is never false. So when QEMU is running, this check might incorrectly bypass certain operations, leading to bugs or incorrect state transitions. + +So, considering the categories: instruction, syscall, or runtime. This isn't about a specific instruction being faulty or a problem with system calls. It's an issue in how the code handles CPU states at runtime. Therefore, it falls under 'runtime' errors. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1568107 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1568107 new file mode 100644 index 000000000..306766d0f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1568107 @@ -0,0 +1,23 @@ +<think> +Alright, so I'm trying to figure out what's going on here. The user is running an x86_64 binary using QEMU on an ARM machine, and they're getting this error: "setup_rt_frame: not implemented" followed by a segmentation fault. + +First, let me break down the components involved. They're using QEMU-x86_64 to emulate an x86_64 environment on an ARM host. The binary in question is Parity version 1.0.1 for Linux, which they downloaded and are trying to run with specific pruning settings. + +The error messages indicate that the setup_rt_frame function isn't implemented. That suggests that during the emulation process, QEMU encountered a situation where it needed to set up a real-time frame, but this functionality wasn't available in their version or configuration of QEMU. Real-time frames are typically related to handling exceptions or signals within the emulated environment. + +A segmentation fault (signal 11) usually means that the program tried to access memory that it shouldn't have. In an emulation context, this could be because QEMU didn't properly handle a certain instruction or system call, leading to incorrect memory accesses in the guest process. + +Now, looking at the possible categories: instruction, syscall, runtime. + +- **Instruction** would relate to a specific CPU instruction causing issues. +- **Syscall** would involve problems with how system calls are handled between the host and guest environments. +- **Runtime** is for other errors that occur during execution but aren't tied directly to instructions or syscalls. + +The error here doesn't seem to be about an unhandled instruction or a syscall issue. Instead, it's about QEMU not implementing a specific runtime function (setup_rt_frame), leading to the segmentation fault. This points more towards a runtime error because it's related to how the emulation handles certain runtime processes rather than instructions or syscalls. + +So, putting it all together, this bug is likely a **runtime** issue within QEMU. +</think> + +The error arises from an unimplemented function in QEMU during runtime, causing a segmentation fault. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1591611 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1591611 new file mode 100644 index 000000000..c1872a0da --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1591611 @@ -0,0 +1,16 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's look at the details provided. + +The issue happens when using qemu-x86_64-static on a ppc64el host to chroot into an amd64 environment. The error messages show assertion failures and segmentation faults. + +The user copied the qemu binary into the chroot and tried running commands, which failed with these errors. The output mentions issues in fork.c related to pthreads and a segmentation fault. + +Looking at the possible categories: +- Instruction: This would relate to specific CPU instructions failing or being incorrectly handled. +- Syscall: Issues with system calls not working as expected between host and guest. +- Runtime: Errors that occur during runtime, like crashes or assertion failures not tied to specific syscalls or instructions. + +The error here is a segmentation fault in the guest environment when trying to run commands. It's likely due to incorrect handling of the pthreads implementation under emulation. This seems more like a runtime issue because it's an unexpected crash rather than a problem with individual system calls or instructions. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1593 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1593 new file mode 100644 index 000000000..cb631b736 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1593 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report about QEMU's SLIRP hostfwd feature ignoring the bind address and using INADDR_ANY instead. Let me think through what each category means. + +First, the user described that when they specify a hostfwd with a particular IP (like 127.0.0.1), QEMU ends up listening on all interfaces, which is a security issue because it might expose the guest more than intended. The problem seems to be in how SLIRP handles the bind address. + +Looking at the possible categories: + +- **Instruction:** This would be if there was an incorrect instruction given or processed. But here, the user provided the correct syntax but QEMU didn't respect it, so it's not about processing instructions wrong. + +- **Syscall:** If the issue were with a system call error, like a failed bind(), that might fit. However, the problem is more about using INADDR_ANY regardless of input, which isn't a syscall failure but rather incorrect behavior in handling configuration. + +- **Runtime:** This refers to errors happening during runtime, such as logic errors or misconfigurations. Since QEMU is supposed to use the specified bind address but doesn't, this seems like a runtime error because it's about how the program behaves when running. + +So the issue isn't with an instruction or a syscall failure; it's that during runtime, QEMU doesn't respect the user-defined bind address and instead uses INADDR_ANY. Therefore, the category should be "runtime". +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1603734 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1603734 new file mode 100644 index 000000000..50488a35b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1603734 @@ -0,0 +1,13 @@ +<think> +Okay, so I need to classify this bug report about QEMU hanging during floatx80_sqrt. Let's see what the problem is. The user mentioned that when using qemu-i368 and qemu-x86_64, they hang at 100% CPU usage when running a specific test program. They provided steps to reproduce it by compiling some code and running it under QEMU. + +Looking at the possible categories: instruction, syscall, or runtime. The issue is happening in floatx80_sqrt, which is part of the softfloat library used for floating-point operations. The error seems to be an infinite loop at line 6569 of fpu/softfloat.c. + +So, what's causing this? It's not a syscall error because it's related to floating-point math, not system calls. It's also not directly about a faulty instruction being processed; instead, it's more about how the software handles certain inputs during runtime. The bug occurs when specific input values cause an infinite loop in the sqrt function, leading QEMU to hang. + +Therefore, this falls under 'runtime' because it's an error that happens during execution, specifically related to handling floating-point operations incorrectly, causing a loop that doesn't terminate. +</think> + +The issue is classified as a runtime error because it occurs during the execution of the program when handling specific input values in the floatx80_sqrt function. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1614348 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1614348 new file mode 100644 index 000000000..1960d94bf --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1614348 @@ -0,0 +1,17 @@ +<think> +Okay, let me try to figure this out step by step. The user provided a bug report about QEMU where running a simple program causes an illegal instruction error. They're using Fedora 24, QEMU version 2.6.92, and compiling with arm-linux-gnu-gcc. + +In the first scenario, they compiled their hello.c without including any startup files by using -nostdlib. This caused the linker to complain about not finding the _start symbol and defaulting to an address. When they ran it with QEMU, it gave a core dump due to an illegal instruction. + +Then, in the second case, they included the necessary CRT (C Runtime) objects like crt1.o, crti.o, and crtn.o. This time, the program worked without issues. + +So, the problem seems to be that when not including these startup files, the program doesn't have a proper entry point, leading QEMU to encounter an illegal instruction because it's trying to execute code at the wrong address or in an undefined state. + +Looking at the possible categories: instruction, syscall, runtime. The error here isn't about a specific system call failing nor is it directly about an invalid instruction in the user's code. Instead, it's more about the program not being set up correctly at runtime because of missing startup code. + +Therefore, this issue falls under 'runtime' errors since it's related to how the program initializes and runs. +</think> + +The bug report describes a problem where the absence of necessary CRT (C Runtime) files leads to an improper program initialization. This results in QEMU encountering an illegal instruction error at runtime. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1623020 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1623020 new file mode 100644 index 000000000..05f8455dd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1623020 @@ -0,0 +1,15 @@ +<think> +Okay, I'm trying to figure out what's going on here. So, the user is trying to run a Go program compiled for amd64 on a Raspberry Pi, which uses an ARM7 architecture. They've used QEMU to emulate the x86_64 environment. But when they run it, they're getting some errors. + +Looking at the output, there are several writes to stderr with messages like "runtime: panic before malloc heap initialized" and "gentraceback before goexitPC initialization". These seem to be runtime errors from Go, not directly related to a specific instruction or syscall. + +I remember that when running code compiled for a different architecture using an emulator, sometimes the environment isn't properly set up. Maybe QEMU isn't handling some part of the emulation correctly, causing the Go runtime to fail during initialization. + +The user is using the latest QEMU version, which was configured with static linking and only includes x86_64-linux-user. The Go version is 1.7.1. I wonder if there are known issues with that combination. + +The error messages suggest that the program is panicking at a very early stage, possibly before the heap is even initialized. This makes me think it's not an issue with a specific system call but rather something more fundamental in how the Go runtime is starting up within QEMU. + +So, considering the categories: instruction issues would involve incorrect machine code being executed, syscall issues would relate to problems making system calls, and runtime errors are other kinds of failures during program execution. Here, it seems like the problem is happening early in the runtime setup, not tied to a specific instruction or syscall. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1641861 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1641861 new file mode 100644 index 000000000..f1f5d381a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1641861 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU and ARM emulation. The user provided some code that interacts with the FPSCR register in ARM. They say that when they run it on a real ARM machine, the output is "000000000000000000000000fff7009f", but when they run it under QEMU, they get "000000000000000000000000ffffffff". + +Looking at the code, they're loading a value into r0 from i0, then writing that to FPSCR using vmsr. Then they read back the FPSCR into r4 and store it in o. The output shows differences in the bits after the first 12 bytes. So, QEMU is allowing some reserved bits in FPSCR to be set when it shouldn't. + +The user mentions that according to the ARM manual, certain bits (like bits [19], [14:13], and [6:5]) should remain zero as they are RES0 (reserved and must read as 0). But QEMU isn't enforcing this; these bits can be modified. + +Now, looking at the possible categories: instruction, syscall, runtime. The issue seems to be with how QEMU handles the FPSCR register's write operations. It's not correctly maintaining certain bits as zero when they should be. This is related to how the emulator executes instructions involving that register. + +So, this isn't a problem with a specific instruction or a system call. Instead, it's an issue during runtime where the state of a register isn't being managed correctly according to architecture specifications. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1648 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1648 new file mode 100644 index 000000000..f84e4fb8c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1648 @@ -0,0 +1,17 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report about QEMU. The problem seems to be related to signal frames and alignment issues on x86_64. Let me go through it step by step. + +First, the user describes that when using a certain setup with QEMU, there's a segmentation fault happening due to incorrect alignment of `pretcode` in both `sigframe` and `rt_sigframe`. The issue arises because these structures aren't aligned properly, leading to a crash during execution. + +The bug report mentions that `pretcode` should be aligned as 16n minus the size of a pointer (`void*`), not just at a 16-byte boundary. This misalignment causes the stack pointer (rsp) to point incorrectly when a function is called, resulting in a segmentation fault. + +Looking at the provided code snippet from `qemu/linux-user/i386/signal.c`, it shows that `struct rt_sigframe` includes `pretcode`, followed by other structures. The current alignment makes `pretcode` start at a 16-byte boundary, which is incorrect because after a function call, the return address (which is part of `pretcode`) should be aligned properly considering the stack's behavior. + +The proposed fix adjusts the structure by adding an unused field with alignment to ensure that `fpstate` starts correctly. This changes the offset of `pretcode`, making it align as 16n minus 8 bytes on x86_64, which matches the expected behavior. + +Now, categorizing this bug: The issue isn't about a faulty instruction or a problem with system calls directly. Instead, it's an error in how data structures are managed at runtime, specifically during signal handling and stack alignment. This seems to fall under "runtime" errors because it affects the program execution flow and memory management dynamically. + +So, the category should be "runtime". +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1650 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1650 new file mode 100644 index 000000000..2ee52d564 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1650 @@ -0,0 +1,13 @@ +<think> +Okay, I need to figure out how to classify this bug report related to QEMU. The user provided some details about an error they encountered when running qemu-i386-static. Let me go through the problem step by step. + +First, looking at the error message: "Unable to reserve 0xfffff000 bytes of virtual address space at 0x1000 (Operation not supported)". This suggests that QEMU is trying to map a large chunk of memory but isn't allowed to do so. The strace output shows an mmap call with MAP_FIXED_NOREPLACE returning EOPNOTSUPP, which means the operation isn't supported. + +The user mentions they're running on a kernel version 4.4, and that QEMU is checking for MAP_FIXED_NOREPLACE at build-time but not at runtime. They suspect that detecting this feature at runtime could solve the issue because the kernel doesn't support it here. + +So, looking at the possible categories: instruction, syscall, or runtime. The problem isn't about a faulty instruction in the code (instruction category) nor is it an error directly with a system call (syscall). It's more about how QEMU handles the availability of certain memory mapping features during execution. Since QEMU is trying to use MAP_FIXED_NOREPLACE but the kernel doesn't support it, and this detection only happens at build-time, the issue arises during runtime when the feature isn't present. + +Therefore, the bug report is about a runtime error because it's occurring while the program is running, not due to an incorrect instruction or a problem with a specific system call itself. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1654137 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1654137 new file mode 100644 index 000000000..05738c486 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1654137 @@ -0,0 +1,19 @@ +<think> +Okay, so I need to classify this bug report about QEMU where Ctrl-A b isn't working after an update from 2.7.0 to 2.8.0. The user is using NetBSD amd64 and installed QEMU from source. + +First, let's understand what the issue is. The user can no longer send a break signal using Ctrl-A b in the updated version of QEMU. Other Ctrl-A commands are working fine. This suggests that the problem isn't with the entire keyboard input or the terminal setup because other commands work. + +I know that in QEMU, certain key combinations like Ctrl-A h (help) or Ctrl-A c (console) are used to interact with the virtual machine. These sequences are handled by the monitor console. The fact that other commands work means that the basic functionality of the monitor isn't broken. + +Ctrl-A b is supposed to send a break signal, which in many systems can cause an interrupt or reset. If this sequence isn't working, it could be related to how QEMU handles signals or certain keyboard events in version 2.8.0. Since reverting to 2.7.0 fixes the issue, there must have been some changes between these versions that affected this specific functionality. + +Looking into possible categories: instruction, syscall, runtime. + +- Instruction issues are about faulty instructions in the code. This doesn't seem directly related because it's more about handling user input rather than executing machine instructions. +- Syscall errors would involve system calls not working correctly. While sending a break might involve some syscalls, the issue here is more about how QEMU processes the key sequence and translates it into an action for the VM. +- Runtime errors are other issues that occur while the program is running. Since this is happening during normal operation when trying to send a command, runtime seems appropriate. + +Therefore, the category should be runtime because it's related to how QEMU handles user input and executes commands at runtime, not an issue with instructions or system calls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1659901 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1659901 new file mode 100644 index 000000000..5e9252596 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1659901 @@ -0,0 +1,15 @@ +<think> +Okay, so I need to classify this bug report about Java crashing with SIGSEGV when using QEMU. Let's see what the issue is. The user is running a Java program inside a chroot on an armhf image using qemu-user-static. They've noticed that with version 2.8, it crashes, but not with 2.7. + +They mentioned that the crash happens at random locations each time. SIGSEGV is a segmentation fault, which usually means there's an invalid memory access. Since they're using QEMU for emulation, this could be related to how instructions are translated or syscalls are handled. + +The Java runtime in question is Azul Systems Zulu Embedded, which has an arm32 JIT. That means the JIT compiler generates native code for ARM, but if there's a problem with how QEMU handles these instructions, it could cause issues. + +I need to determine whether this is related to an instruction fault, a syscall issue, or something else in runtime. Since the crash happens when running Java which uses JIT and the segfault location varies, it might be due to incorrect handling of certain ARM instructions by QEMU. Alternatively, if syscalls made by Java are not properly emulated by QEMU, that could cause issues. + +Given that it's happening consistently with a specific QEMU version and not another, it suggests a regression in QEMU 2.8. The fact that the crash is random points towards something during runtime execution rather than a fixed issue at a particular instruction or syscall point. + +So putting it together, the bug seems to be related to how QEMU handles certain runtime operations when emulating ARM for JIT-compiled code. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1661815 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1661815 new file mode 100644 index 000000000..1eb9c4bfd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1661815 @@ -0,0 +1,9 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report about QEMU. The report mentions that there's an issue in the function translate_one within target-s390x/translate.c. Specifically, it points out that the address of a local variable "f" is being returned through s->fields. Since "f" is a local variable on the stack, once the function returns, this pointer becomes invalid because the variable goes out of scope. + +The problem here is related to undefined behavior as per the C Standard, which could lead to memory corruption or other issues. The suggestion is to sanitize "s->fields" by setting it to null before returning to prevent using an invalid pointer. + +Now, looking at the categories: instruction, syscall, runtime. Since this issue arises during the execution of the program and relates to improper handling of pointers leading to potential runtime errors (like accessing freed memory or dangling pointers), it falls under runtime issues. It's not directly related to a specific instruction being faulty or a system call error but rather an issue with how the program manages its resources at runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1667401 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1667401 new file mode 100644 index 000000000..c650adb2d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1667401 @@ -0,0 +1,13 @@ +<think> +Alright, let's try to figure out this bug classification. The user provided a detailed bug report about qemu-ppc segfaulting when running a program that uses pthread_create and pthread_join. + +First, I need to understand what each category means. "Instruction" issues are related to specific CPU instructions causing problems. "Syscall" would involve errors in system calls the program makes. "Runtime" is for other runtime errors not covered by the first two. + +In this case, the problem occurs when creating a thread using pthread_create. The error happens during execution and isn't tied to a specific instruction but rather how the threads are being handled within QEMU's PPC emulation. Also, the strace shows clone() syscalls which are part of threading, so it's more about runtime behavior than a syscall issue itself. + +The fact that removing the pthread calls fixes the issue points to an error in how the threading is managed during runtime. It doesn't seem like a specific instruction or a direct syscall problem but rather how QEMU handles thread creation and synchronization for PPC targets. + +So, this bug seems to fall under "runtime" errors because it's about how the program behaves while running, particularly with threading operations that aren't handled correctly by QEMU. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1671 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1671 new file mode 100644 index 000000000..c11c5ac23 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1671 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report as either "instruction," "syscall," or "runtime." Let's look at the information provided. + +The user has shared a GDB backtrace from a segfault when running a test binary under QEMU-RISC-V64. The backtrace shows multiple threads and points of failure within QEMU, specifically in functions like `cpu_loop`, `clone_func`, and several gdbstub-related functions. + +I'll go through each possible category: + +1. **Instruction**: This would involve issues with specific CPU instructions causing the problem. However, looking at the trace, it doesn't mention any particular instruction or disassembly. The issue seems more related to how QEMU handles the program execution rather than a faulty instruction itself. + +2. **Syscall**: This category involves errors during system calls. While there are syscalls mentioned in the code (like `do_syscall`), the stack trace points to gdbstub and other internal functions, not necessarily an error in handling a syscall. + +3. **Runtime**: This refers to general runtime errors that aren't specifically tied to instructions or syscalls. The segfault seems to occur during the execution loop (`cpu_loop`), which is part of QEMU's runtime environment. Additionally, multiple threads are involved, suggesting a concurrency issue or an error in handling the program's execution flow. + +Given the context, the bug isn't directly linked to a specific instruction or syscall but rather how QEMU manages the execution at runtime. Therefore, it falls under "runtime." +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1696353 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1696353 new file mode 100644 index 000000000..0216430df --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1696353 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report about Go binaries failing under Linux-user in QEMU. The user provided an error log and mentioned that it's related to the Go runtime not passing the CLONE_SYSVMEM flag during clone calls on Linux. + +First, looking at the error message: "runtime: failed to create new OS thread (have 2 already; errno=22)". This suggests a problem with creating new threads. The stack trace points to runtime.newosproc and mentions an issue in os_linux.go line 160. That file is part of Go's runtime, specifically handling OS-specific code for Linux. + +The user also linked the Go source where clone flags are set. They noted that the CLONE_SYSVMEM flag isn't being passed, which is necessary for certain environments like QEMU's user mode. So the issue is within how the Go runtime interacts with system calls when running under specific conditions. + +Considering the categories: instruction refers to faulty CPU instructions, syscall relates to issues in system calls or their handling, and runtime covers other runtime errors. Here, the problem is that the Go runtime isn't correctly setting up clone flags for the environment it's running in. Since this involves how the runtime interacts with the OS via syscalls but is specifically about the Go runtime's implementation, I think it falls under 'runtime' rather than a general syscall issue. + +So, the category should be 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1697 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1697 new file mode 100644 index 000000000..bee24abbb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1697 @@ -0,0 +1,13 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report. The user provided a detailed description of an issue they encountered when using QEMU 8.0.50 with a Cortex-M55 CPU. They created a simple test program that just returns 0 in main and tried running it under QEMU. However, they ran into an assertion failure in the QEMU code. + +The error message is: "qemu-arm: ../accel/tcg/user-exec.c:492: page_set_flags: Assertion `last <= GUEST_ADDR_MAX' failed." This suggests that during execution, some address calculation went beyond the maximum allowed guest address. + +Looking at the possible categories—instruction, syscall, runtime—the assertion failure isn't about a specific instruction or a system call issue. Instead, it's related to how QEMU is handling memory addresses internally when running the test program. + +The user also mentioned that this is a known problem linked in another GitLab issue. From what I can gather, the error occurs during runtime as QEMU processes the guest's memory mappings. It seems like an internal bug within QEMU's TCG accelerator when dealing with certain CPUs or configurations. + +So, considering all this, the issue isn't about executing a wrong instruction or handling a system call incorrectly. Instead, it's a problem that arises while running the program due to an internal QEMU assertion failure related to memory addresses. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1704638 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1704638 new file mode 100644 index 000000000..eb39b4231 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1704638 @@ -0,0 +1,17 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report about QEMU hanging when running MIPS and MIPS64 programs. The user provided details about compiling a program that uses weak symbols, leading to a crash but instead causes QEMU to hang. + +First, looking at the issue: the program is statically linked and uses a weak pointer which should evaluate to NULL. On other systems, this would cause a crash, but with QEMU in user mode for MIPS and MIPS64, it hangs. The GDB output shows that QEMU is stuck inside `gen_intermediate_code`, specifically at `__lll_lock_wait` due to a mutex lock. + +I need to categorize this bug into one of three categories: instruction, syscall, or runtime. + +- **Instruction**: This would involve an incorrect handling of CPU instructions. +- **Syscall**: Issues related to system calls not being handled properly by QEMU's user mode. +- **Runtime**: Other runtime errors that don't fall into the first two categories. + +The problem seems to stem from how QEMU handles threading or locks in its translation process. The mutex lock is part of the thread handling, and since it's causing a deadlock, this points more towards runtime issues rather than instruction execution or syscalls. + +So, this bug is likely a **runtime** error because it's related to how threads are managed during the execution, leading to a hang rather than an issue with instructions or system calls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1707 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1707 new file mode 100644 index 000000000..ee5e8ec0c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1707 @@ -0,0 +1,17 @@ +<think> +Okay, let me try to figure out this bug report classification. So, the user has an issue where they're trying to run a binary using qemu-x86_64 on an aarch64 or LoongArch host, but nothing happens when they execute it. They built a simple hello.c with x86_cross gcc and used --static, so it's a static binary. + +They provided steps: build the hello program, build qemu-x86_64 on their non-x86 host, then run the qemu command. But no output is shown. + +The strace.txt shows that when they tried to run strace on the qemu process, it didn't execute properly—there was a signal 11 (SEGV) which means a segmentation fault occurred. This suggests that somewhere in the execution, there's an invalid memory access or some other issue causing the program to crash. + +Looking at the commit mentioned: it's about fixing brk() to release pages. Brk is related to heap management in Linux, so maybe this change introduced a bug when running x86 binaries under qemu on these architectures. The problem arises during runtime because the binary isn't executing as expected—it's crashing immediately. + +So, possible categories are instruction (faulty instruction), syscall error, or runtime issue. Since the segmentation fault happens at runtime and the commit is about heap management, which affects how memory is handled during execution, this seems like a runtime error rather than an instruction or syscall problem. The issue isn't that a specific system call is failing but that the program crashes due to incorrect handling of memory during its execution. + +Therefore, I think it's classified under 'runtime'. +</think> + +The bug occurs at runtime when running the binary in qemu-x86_64, specifically causing a segmentation fault, likely due to improper memory management introduced by the commit. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1715162 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1715162 new file mode 100644 index 000000000..26ee924bb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1715162 @@ -0,0 +1,11 @@ +<think> +Alright, so I need to classify this bug report related to QEMU crashing when writing a core dump. Let me go through the information step by step. + +First, looking at the backtrace from GDB: The crash happens in `sigsuspend` which is part of the signal handling library. Then it goes into `dump_core_and_abort` and proceeds through other signal handling functions like `handle_pending_signal` and `process_pending_signals`. This suggests that QEMU is trying to handle a signal, specifically a segmentation fault (since the target_sig is 11), but in doing so, it's causing itself to crash. + +The issue seems to be happening during runtime. It's not about an instruction being incorrect or a problem with a system call directly, but rather how signals are handled when trying to write a core dump. This points towards a runtime error because it occurs while the program is executing and handling exceptions, not necessarily in the execution of instructions or during a syscall. + +So, considering the categories: instruction issues would involve faulty CPU operations, syscalls would be about system call errors, but this seems more like an internal handling problem during runtime. Therefore, I think the category should be 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1716767 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1716767 new file mode 100644 index 000000000..524a39272 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1716767 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to figure out what's going on here. The user mentioned that when they run the `file` command on a QEMU SH4 user-mode setup, it throws an "Invalid argument" error. But on actual hardware, it works fine. + +First, let me break down what's happening. The `file` command is used to determine the type of a file. In this case, they're checking `/bin/bash`, which should be an executable file. On real hardware, it correctly identifies it as an ELF 32-bit LSB executable for Renesas SH. But in QEMU's user-mode emulation, it fails with "error reading (Invalid argument)". + +Looking at the debug output from running `file -d /bin/bash`, I see some odd behavior. The debug logs show a comparison where it seems like there's an overflow or incorrect value being used. For example, one line says `0 == 97 = 0` and another `0 == 18446744073709551615 = 0`. That second number looks like a very large value, possibly an unsigned integer overflow or incorrect handling of endianness. + +The error occurs during the softmagic checks in `file`, specifically when trying to read the ELF headers. Since QEMU is emulating the SH4 architecture, there might be issues with how it's handling system calls related to file I/O. The "Invalid argument" error typically comes from a syscall like `read` or `open` returning an error because one of the arguments was incorrect. + +I'm thinking that this could be related to how QEMU's user-mode emulator is handling certain syscalls for the SH4 architecture. Maybe there's a bug in the way it translates or executes these syscalls, leading to unexpected behavior when `file` tries to read the binary. + +Alternatively, it might not be directly a QEMU issue but rather something with how the `file` command interacts with the emulated environment. Perhaps some data structures or memory accesses aren't being handled correctly under emulation, causing the invalid argument error. + +Since the problem doesn't occur on actual hardware, it's likely an emulation-specific bug. The fact that the debug output shows unexpected values during the read process points towards a runtime issue within QEMU when executing `file` in this context. + +So categorizing this, it seems like a runtime error because it happens while running the program and not due to a faulty instruction or a problem with system calls themselves but how they're being handled by the emulator. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1724485 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1724485 new file mode 100644 index 000000000..d4041fd72 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1724485 @@ -0,0 +1,15 @@ +<think> +Alright, I'm looking at this bug report about an assertion failure in QEMU's arm_read_memory_func function. The user encountered the issue when running under target armeb-linux using qemu user mode with some debug flags. + +The problem arises when _dl_new_object calls strlen, which is implemented in Thumb2 mode (armv6t2). This leads to print_insn_arm() calling arm_read_memory_func(), and the assertion that info->endian == BFD_ENDIAN_LITTLE fails because it's actually big-endian. + +The user mentions that removing the assert allows execution to continue without issues. They also note that with the assert in place, QEMU stalls, which is problematic. + +Now, I need to classify this bug into one of the given categories: instruction, syscall, or runtime. + +Looking at the issue, it's related to how memory is being read by the disassembler during instruction decoding. The assertion is about endianness, which affects how bytes are interpreted. Since Thumb2 instructions can be 16-bit or 32-bit, the way they're read depends on endianness. + +The problem occurs during runtime execution when handling Thumb2 mode, so it's an issue that happens while the program is running, not necessarily due to a faulty instruction or a syscall error. Therefore, it falls under a runtime error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1725267 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1725267 new file mode 100644 index 000000000..49061e438 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1725267 @@ -0,0 +1,15 @@ +<think> +Okay, I'm trying to classify this bug report related to QEMU. The user reported an issue after upgrading from version 2.7 to 2.8 and observed it persists in 2.10.1. They're using QEMU for GCC validation with atomic-exchange-4.exe. + +The problem occurs when running a test case involving atomics, which fails in newer QEMU versions but worked before. The error message shows an uncaught signal 6 (Aborted), leading to a core dump and exit code 134. + +Looking at the disassembly output with -d in_asm, there's a difference early in the startup code between QEMU 2.7 and 2.10.1. Specifically, the instruction at 0x40a17790 changes from 'addls pc, pc, r3, lsl #2' to something else. + +The key here is that the issue arises during execution, not necessarily with a specific system call or an invalid instruction. It's more about how QEMU handles the code at runtime, particularly in the context of atomic operations which involve low-level memory handling and concurrency. + +So considering the categories: 'instruction', 'syscall', or 'runtime'. Since it's related to how QEMU processes the code during execution rather than a specific syscall error or an invalid instruction being described, I think this falls under 'runtime'. +</think> + +The issue occurs during runtime when executing atomic operations, leading to an abort signal. It's not about an incorrect instruction or system call but the handling of code execution. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1734 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1734 new file mode 100644 index 000000000..3bd891671 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1734 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out what category this bug falls into for QEMU. The user mentioned that when using QEMU version 8.0 in user mode for an ARM binary, mmap-ing more than 1GB fails, whereas it works on older versions like v6.2. They provided a GitHub repo with a test application that mmaps multiple files. + +From the description, the issue occurs during runtime when the application tries to mmap large files. The problem seems related to memory management, specifically how QEMU handles address spaces. The user noted that after around 1GB of mapped memory, the mmap calls start failing, suggesting an issue with address space allocation. + +The initial thought is whether this is a syscall issue because mmap is a system call. However, since the behavior changes between QEMU versions and the problem arises from how memory is managed within QEMU's user mode, it might not be directly about the syscall implementation but rather how QEMU handles the process's address space. + +Another angle is considering the address where the ELF binary is loaded. The user tried moving it using -B 0x80000000, which suggests that the initial memory layout could be causing the issue. This makes me think about how QEMU maps processes in memory and whether it's correctly handling larger allocations beyond a certain point. + +The problem occurs at runtime when attempting to mmap large files, leading to failed calls after a certain threshold. This points towards an issue with memory management during execution rather than a problem with system call implementation or faulty instructions. + +So, putting this together, the bug is likely related to how QEMU's user mode handles memory allocation and mapping at runtime, specifically when dealing with large amounts of memory beyond 1GB. Therefore, it falls under the 'runtime' category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1735384 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1735384 new file mode 100644 index 000000000..55985aa70 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1735384 @@ -0,0 +1,21 @@ +<think> +Okay, so I need to figure out how to classify this bug report about OpenJDK JVM segfaulting on qemu-sh4 as part of QEMU. The possible categories are instruction, syscall, or runtime. + +First, let me understand what's happening. The user is reporting that when they run Java with the newer version, it crashes with a segmentation fault, but an older version works fine. They mentioned it's related to recent changes in OpenJDK, which introduced this regression. + +Now, looking at the categories: + +1. **Instruction**: This would involve a specific faulty instruction causing the issue. Maybe something like incorrect assembly code or miscompiled bytecode. +2. **Syscall**: This relates to issues when interacting with system calls. For example, if a syscall is returning an error or not handled properly. +3. **Runtime**: Other runtime errors that don't fall into instructions or syscalls. Could be memory management issues, threading problems, etc. + +In this case, the JVM crashes on startup with a segfault. Segmentation faults usually point to memory access issues—like accessing uninitialized pointers, invalid memory addresses, or buffer overflows. Since it's happening on qemu-sh4, which is an emulator for SH4 architecture, maybe there's a problem in how the JVM handles memory on this platform. + +Considering that the issue started after recent changes, it might be related to new code that isn't correctly handling the SH4 architecture within QEMU. Perhaps something in the garbage collector or native method handling has regressed, leading to improper memory access. + +It's less likely a syscall issue because the error occurs right at JVM startup when calling -version, which doesn't involve many syscalls yet. Also, the fact that an older version works suggests it's not a fundamental compatibility problem but something introduced in newer code. + +So, this seems like a runtime error because it's crashing during execution, likely due to memory management or handling specific to the SH4 architecture in QEMU. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1736 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1736 new file mode 100644 index 000000000..56856916b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1736 @@ -0,0 +1,29 @@ +<think> +Alright, let's break down this problem step by step to classify it correctly. + +First, looking at the issue description, the user is comparing debug logs from QEMU 7.1.0 and versions starting from 7.2.0. The key difference they noticed is in how the 'guest addr' is logged. In version 7.1.0, the guest address includes the full address like 0x00010000, but in 7.2.0 and later, it's just a page offset such as 0x00000000. + +The user provided debug outputs from both versions. In QEMU 7.1.0, the log shows the guest address with the full value starting at 0x00010000 and includes several instructions followed by their translated code. The output shows a clear mapping of guest addresses to host addresses. + +In contrast, for QEMU 7.2.0, the logs show the guest addr as just 0x00000000 with some added lines in the OUT section that manipulate the address. This change seems intentional but might be causing confusion or potential issues elsewhere if other parts of the system rely on the full guest address. + +The user mentioned looking into previous reports #1528 and #1697, suggesting this could be related to those bugs. They suspect it's either a new issue or an oversight in debug output formatting. + +Now, considering the categories: instruction, syscall, runtime. + +- **Instruction**: If there was an incorrect translation or handling of guest instructions, that would fit here. But the logs show correct translations; the problem is more about logging. + +- **Syscall**: This doesn't seem related to system calls but rather debugging output. + +- **Runtime**: This refers to errors that occur during runtime operation. However, the issue here isn't causing a crash or incorrect behavior but affects debug logs. + +Wait, perhaps I misread. The problem is in the debug output's guest address format, which could be misleading when analyzing translations. But since it doesn't cause a runtime error and only affects logging, maybe it's not a critical bug that fits into these categories directly. However, looking back, the user mentioned it might be an oversight leading to other issues. + +Alternatively, perhaps this is more about the debug output being incorrect, which could fall under runtime if it causes confusion during debugging sessions. But strictly speaking, it doesn't cause runtime errors but affects logging accuracy. + +But in the context of the provided categories, since the issue relates to how addresses are logged and not an error in instruction handling or syscalls, the closest category might be 'runtime' as it's an operational aspect affecting debug information. +</think> + +The issue pertains to a change in debug output formatting where guest addresses are now shown as page offsets instead of full addresses. This affects logging but doesn't directly crash or cause runtime errors beyond potential confusion. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1737444 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1737444 new file mode 100644 index 000000000..0f332ea43 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1737444 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out what category this bug falls into. The user provided a detailed bug report about a conftest program crashing on qemu-sh4 when using gccgo. Let me break down the information given. + +The problem occurs when running a specific test program (setcontext.c) under qemu-sh4. The program uses pthread and ucontext.h, which are related to threading and context switching. When executed in the emulator, it results in an unhandled trap, specifically 0x180, with various register values showing different states. + +However, when run on a physical SH7785LCR evaluation board, the same program works fine without any issues. This suggests that the problem is likely not with the code itself but rather with how qemu-sh4 is handling certain operations. + +Looking at the code, it's using setcontext and makecontext, which manipulate the execution context of threads. The crash occurs when the thread calls setcontext, leading to an abort or unhandled trap. Since this works on real hardware, it points towards an issue in the emulator's handling of these system calls or contexts. + +Considering the categories provided: instruction, syscall, runtime. The problem doesn't seem to be a faulty instruction because the code runs correctly on real hardware. It also doesn't appear to be a straightforward syscall error since the issue arises from context switching which might involve deeper runtime operations. + +The most likely category is "runtime" because it's an issue that happens during execution, possibly related to how qemu manages thread contexts or handles certain system calls like setcontext and makecontext. Emulators can sometimes have bugs in their implementation of low-level system call handling, especially for less common architectures like SH4. +</think> + +The bug report describes a runtime error occurring when the program is run under qemu-sh4. The issue arises from how the emulator handles context switching, leading to an unhandled trap. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1738545 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1738545 new file mode 100644 index 000000000..89c5b8a2f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1738545 @@ -0,0 +1,15 @@ +<think> +Okay, I'm looking at this bug report where a Go binary panics with "mmap errno 9" when run on qemu-user. The user provided a simple Go program that works fine on real hardware but fails under QEMU. + +First, I need to understand what's causing the mmap error. Mmap is a system call used to map files or devices into memory. Errno 9 corresponds to EADDRFAULT, which typically means an invalid address was given. But in this context, it might not be directly about an invalid address but rather some issue with how QEMU is handling the process's memory. + +Since the same binary works on real hardware, the problem likely lies within QEMU's emulation environment. It could be that QEMU isn't correctly setting up the process's memory mappings when running Go binaries. + +Go uses a custom runtime and relies heavily on proper memory management. If QEMU is not handling certain system calls or memory operations correctly, it might cause these kinds of errors. The issue doesn't seem to be with a specific instruction (so not an 'instruction' category) nor directly related to a particular syscall error but more about how the runtime environment is being managed. + +Therefore, this bug seems to fall under the 'runtime' category because it's an issue within QEMU's handling of the process's runtime environment, specifically with memory mapping during program execution. +</think> + +The error occurs in QEMU's handling of the Go binary's runtime environment. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1740219 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1740219 new file mode 100644 index 000000000..3a3f447f8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1740219 @@ -0,0 +1,34 @@ +<think> +Okay, so I'm looking at this bug report about QEMU's user emulation having a long startup time when using a static build. The problem is that after updating from version 2.8 to 2.11, running `qemu-arm` takes several seconds instead of milliseconds. The issue seems to be happening in the `init_guest_space()` function within `elfload.c`. + +From what I gather, the main points are: + +1. **Problem Description**: With QEMU 2.11 static build, starting an emulation (like running `/my/arm-chroot/bin/true`) takes about 3 seconds instead of 0.006s as before. This doesn't happen with dynamically linked builds or older static builds. + +2. **Cause Analysis**: + - The function `init_guest_space()` is trying to map two parts of the address space: `[base, base+guest_size]` and `[base + 0xffff0000, ...]`. + - In QEMU 2.11, the default `guest_size` was increased from 0xf7000000 to 0xffff0000. + - Static builds disable PIE (Position Independent Executable) and thus ASLR (Address Space Layout Randomization), which affects where memory is mapped. + +3. **Behavior**: + - With the larger `guest_size`, the initial `mmap(NULL, ...)` call tends to return a base that's too close to an already mapped area. + - Without ASLR in static builds, the text segment starts at 0x60000000. This leaves no space before it for the required mappings, causing QEMU to try many different bases (over 12000 times) until it finds a suitable one. + +4. **Potential Fixes**: + - The idea of first mapping a larger chunk and then munmapping parts to create the needed spaces was mentioned but might not support sparse address space. + - Another thought is checking `/proc/self/maps` for available ranges before attempting `mmap`. + +5. **Categories to Choose From**: instruction, syscall, runtime. + +Now, considering these points, I need to classify this bug into one of the three categories: instruction, syscall, or runtime. + +- **Instruction**: This would involve issues with specific CPU instructions causing problems. The report doesn't mention any incorrect instructions being executed, so probably not. + +- **Syscall**: Problems related to system calls. While `mmap` is a syscall involved here, the issue isn't that the syscalls are failing or behaving incorrectly per se, but more about how QEMU's algorithm interacts with the memory mapping behavior. + +- **Runtime**: Errors that occur during runtime operations, which seems fitting because the problem arises in how QEMU manages its address space at startup. The long delay is due to repeated `mmap` attempts as it searches for a suitable base address, which is a runtime operation issue. + +So, the bug isn't about incorrect instructions or syscalls failing but rather the runtime behavior of QEMU's memory management algorithm. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1741 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1741 new file mode 100644 index 000000000..5fea090ff --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1741 @@ -0,0 +1,13 @@ +<think> +Alright, let's try to figure out how to classify this bug report. The user provided a commit hash and mentioned that it breaks some 32-bit architectures on Linux-user when running on amd64. + +First, I need to understand what each category means. The categories are instruction, syscall, or runtime. Instruction issues usually involve incorrect machine instructions causing problems. Syscall issues relate to system calls not working as expected. Runtime errors are other kinds of issues that happen while the program is running. + +Looking at the commit hash and the fact it's about a 32-bit architecture breaking on Linux-user (which I think is related to QEMU's user mode emulation), maybe this has to do with how instructions are being handled or translated between different architectures. + +But since it doesn't explicitly mention an instruction or a syscall error, perhaps it falls under runtime because it's a general issue occurring during execution in the emulator. + +So, after considering all that, I think the category is runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1748612 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1748612 new file mode 100644 index 000000000..8147281b7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1748612 @@ -0,0 +1,23 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU. The user mentioned that they were having trouble with the `-strace -D <file>` options not working as expected. They tried using `-D` to redirect the strace output to a file, but it didn't work because the log file was empty. + +They looked into the source code and found that the print function used wasn't `qemu_log`, which is probably what should be used for logging in QEMU, but instead, it was using `gemu_log`. That seems like a typo or mistake because I know QEMU uses `qemu_log` for its logging functions. + +So they replaced all instances of `gemu_log` with `qemu_log`, removed the declarations of `gemu_log`, and recompiled. After that, it worked fine. They also provided links to where in the source code the declarations were located. + +Now, I need to classify this bug into one of three categories: instruction, syscall, or runtime. The user is asking for just a single word as the category. + +First, let me understand each category: + +- **Instruction**: This would involve issues with how instructions are executed by QEMU. Maybe something related to the CPU emulation not handling an instruction correctly. + +- **Syscall**: This relates to system calls within QEMU. If there's a problem with how syscalls are handled or logged, this category might apply. + +- **Runtime**: Any other errors that occur during runtime but don't fall under instructions or syscalls. This is the catch-all category for issues like logging problems, incorrect function usage, etc. + +In this case, the issue was about logging not working as expected because a wrong logging function was used. The problem wasn't with system calls directly or CPU instructions; it was more about how logs were being handled in the code. The user had to fix the logging function, which suggests that it's an internal issue within QEMU's runtime environment. + +Therefore, this doesn't fall under instruction because it's not about executing instructions incorrectly. It also isn't a syscall issue since it's not about handling system calls but rather about logging. So, it must be a runtime error because it's something that happened during the execution of the program related to how logs are handled. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1755 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1755 new file mode 100644 index 000000000..7da4ac6a1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1755 @@ -0,0 +1,23 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report from the user about qemu-arm failing when executing a Cortex-M binary. Let me read through the problem description again and think it through step by step. + +So, the user is compiling a simple hello.c program for both cortex-m3 and cortex-a9 using arm-none-eabi-gcc. When they run the cortex-m3 version with qemu-arm -cpu cortex-m3, they get an assertion failure: "page_set_flags: Assertion 'last <= GUEST_ADDR_MAX' failed." But when they use cortex-a9, it works fine. + +The error message points to line 492 in user-exec.c, which is related to page_set_flags. The assertion failing because 'last' exceeds GUEST_ADDR_MAX suggests that the code is trying to set flags on a memory page beyond what's allowed by QEMU for guest addresses. + +Now, I need to classify this bug into one of the categories: instruction, syscall, or runtime. + +Let me think about each category: + +1. **Instruction**: This would be if there's an issue with how a specific ARM instruction is handled by QEMU. But in this case, the problem occurs when setting up memory pages, not during execution of any particular instruction. + +2. **Syscall**: If it were related to system calls failing or being mishandled, but the error here doesn't mention anything about syscalls, rather it's about page flags and address limits. + +3. **Runtime**: This category covers other runtime errors, like memory issues, assertion failures during execution that aren't tied to specific instructions or syscalls. + +Given that the error happens during the setup of the binary in user mode (qemu-arm is for user emulation), specifically when trying to set page flags beyond the allowed guest address maximum, it seems like a problem with how QEMU's memory management handles certain binaries. Since it started after a commit called "Make the commpage executable," perhaps that change introduced a bug in handling Cortex-M binaries which have different memory constraints or layouts compared to Cortex-A. + +So, this isn't about an instruction fault or a syscall issue but rather a runtime error during the execution setup due to incorrect page flag handling. Therefore, it should be classified under 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1756 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1756 new file mode 100644 index 000000000..2d5f48c19 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1756 @@ -0,0 +1,19 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report about QEMU. The issue seems to be related to the brk() system call on Linux causing a SIGSEGV error. Let me break it down step by step. + +First, the problem occurs when using qemu8-user on Linux. When brk(NULL) is called, it might return a value that doesn't point to an existing page. QEMU then tries to memset this area, which leads to a segmentation fault because that memory isn't actually there. + +The bug report mentions that the issue arises in the do_brk() function at line 867 of syscall.c. The problematic code is trying to memset from g2h_untagged(target_brk) to brk_page - target_brk. If target_brk points to a non-existent page, this causes a SIGSEGV. + +The user explains that Linux returns a random value for brk(NULL), which can be higher than the current heap but not necessarily valid. They also note that the way Linux computes the maximum brk value is based on the most recent execve(), which might not reflect the actual memory layout due to operations like mmap or munmap, especially in cases like UPX decompression. + +The suggested fix is for QEMU to avoid calling memset unless the first page of the range exists. Alternatively, they mention using prctl(PR_SET_MM_BRK) but note its limitations. + +Looking at the possible categories: instruction, syscall, runtime. The issue isn't about a faulty CPU instruction or an error in handling syscalls per se; it's more about how QEMU handles memory management during runtime, particularly after a system call. So this seems like a runtime error because it occurs while executing code and accessing memory that doesn't exist as expected. + +I think the category should be "runtime" since it's an error happening during program execution due to incorrect assumptions about the memory state returned by brk(). +</think> + +The bug report describes a runtime issue where QEMU assumes contiguous .bss after a brk() call, leading to accessing invalid memory. This causes a SIGSEGV. The problem occurs during execution when attempting to memset non-existent pages. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1756519 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1756519 new file mode 100644 index 000000000..a3901a350 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1756519 @@ -0,0 +1,13 @@ +<think> +Alright, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. + +Looking at the problem description, it involves QEMU crashing while running a test case from the libgomp test suite. The error message mentions issues during QOM path canonicalization in the do_fork() call when creating a CPU. The backtrace points to functions like object_get_canonical_path_component and cpu_create, which are part of QEMU's internal management. + +The crash occurs when handling multi-threaded code, specifically when OMP_NUM_THREADS is set to 5 or more. This suggests it's related to how QEMU handles threading or forking within its environment rather than a problem with an instruction execution or a specific syscall. + +Since the issue arises from object path canonicalization and CPU creation during fork, it doesn't seem to be directly caused by an incorrect instruction or a syscall error. Instead, it's more about runtime management—how QEMU manages objects and threads dynamically. + +Therefore, this bug falls under the "runtime" category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1756807 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1756807 new file mode 100644 index 000000000..df31ca6a0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1756807 @@ -0,0 +1,27 @@ +<think> +Alright, let's try to figure out what's going on here. The user has reported that running a command inside a chroot using proot and qemu-user is significantly slower on Ubuntu 18.04 compared to 16.04. They've provided logs from both systems showing the time taken for the same operation. + +First, I notice that the real time jumped from about 0.066 seconds to over 24 seconds. That's a massive increase—over 100 times slower. The user mentioned that proot hasn't changed between the two systems but qemu has been updated. So, it's possible that this issue is related to changes in the qemu version. + +Looking at the system specs, System 2 (Ubuntu 18.04) is lower spec than System 1 (16.04), but not by a huge margin. The CPU on System 1 is an i7-6700, which is more powerful than the i5-5300U in System 2, but even so, the performance hit seems too large for that difference alone. + +The user is using proot with qemu-arm-static to run a chroot. The command they're timing is a simple grep inside /usr/share/doc. The fact that this specific command is slow suggests it's something about how the emulation or the filesystem is handled. + +Looking at the logs, in System 1 (Ubuntu 16.04), the user time was 0.040s and sys time 0.008s, which are both very low. In contrast, on System 2, user time is 0.366s and sys time is a whopping 11.352s. The high system time suggests that the kernel is spending a lot of time handling this process, possibly due to increased overhead in the emulation layer. + +The qemu version in System 1 is 2.10.1, while in System 2 it's 2.11.1. I know that between these versions, there were some changes, especially in how qemu handles certain system calls or filesystem operations. It could be a regression introduced in the newer version. + +I should check if others have reported similar issues with qemu-user in Ubuntu 18.04. Maybe looking up bug reports related to performance regressions when using proot and qemu-arm-static would shed some light. If there's an existing issue, it might be that this is a known problem or at least something being looked into. + +Another angle could be filesystem handling. The user mentioned the chroot is just a Debian bootstrap, so maybe the way the files are accessed in the chroot is causing inefficiency. Perhaps newer qemu versions have more strict checks or different caching mechanisms that aren't as efficient as before. + +Also, considering that proot hasn't changed, but the environment has (different kernel, libraries), it might be an interaction between qemu and the host system's components. For example, changes in how syscalls are handled by the kernel could affect performance when using emulated environments. + +The fact that other software isn't affected suggests that the issue is specific to this particular setup—using proot with qemu-user for arm emulation. So it's not a general system slowdown but something particular to these tools working together in this configuration. + +Putting it all together, the bug seems to be related to how the newer version of qemu is handling certain operations when used with proot. The high sys time indicates that the issue occurs during runtime execution—maybe handling syscalls or filesystem operations less efficiently than before. + +Therefore, I would classify this as a runtime error because the problem arises during the execution of the process rather than being an instruction fault or a syscall error per se. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1756927 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1756927 new file mode 100644 index 000000000..083c5ec7e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1756927 @@ -0,0 +1,21 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem description again to understand what's going on. + +The issue is about an ARMv7 LPAE (Large Physical Address Extensions) scenario where a 'bkpt' instruction causes a prefetch abort exception. The IFSR (Instruction Fault Status Register) bit [9] isn't set correctly in this case, which should be indicating the use of LPAE. When the test program runs, it outputs "short-descriptor" instead of the expected "long-descriptor". + +The environment includes QEMU with a specific revision and Ubuntu 16.04 LTS with a Linaro cross-compiler. + +So, let's break this down. The 'bkpt' instruction is a software breakpoint used for debugging. When it triggers an exception (prefetch abort in this case), the system should set certain bits in the IFSR to describe the fault. However, bit 9 isn't being set when it should be, indicating that LPAE is active. + +Now, considering the categories: + +- **Instruction**: This would involve issues with how instructions are processed or executed. Since 'bkpt' is an instruction causing the problem, this could fit. +- **Syscall**: Issues related to system calls. Here, the problem isn't directly about syscalls but rather exceptions and registers during a specific instruction execution. +- **Runtime**: Errors that occur during runtime which aren't necessarily tied to a specific instruction or syscall. + +The bug is specifically about how an exception (prefetch abort) caused by a 'bkpt' instruction doesn't correctly set a bit in the IFSR. This seems more related to how exceptions are handled and how registers are updated, rather than a problem with the 'bkpt' instruction itself. So it's more of a runtime issue because it occurs during execution when handling an exception. + +Therefore, the category is likely **runtime**. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1761401 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1761401 new file mode 100644 index 000000000..934ab86a1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1761401 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU and an ARM/Neon rounding error. The user mentioned that when they use a specific commit from QEMU (47d3b60858d90ac8a0cc3a72af7f95c96781125a), one of the GCC ARM/Neon tests fails. This test involves converting floats to integers and it's giving an unexpected result—126 instead of 125. + +First, I need to understand what each category means. The options are instruction, syscall, or runtime. Instruction issues would involve a problem with how QEMU handles specific CPU instructions. Syscall errors relate to system calls not working correctly. Runtime errors are other kinds of problems that happen while the program is running. + +Looking at the bug description, it's about a rounding error during conversion from float32 to uint32_t using Neon instructions. The test passes on hardware and older QEMU versions, so this seems like a regression in how QEMU handles this particular operation. It doesn't mention any system calls failing or instruction decoding issues but rather an incorrect result due to rounding mode. + +So the issue is likely related to how QEMU emulates the floating-point conversion instructions with Neon. This falls under how the CPU instructions are being executed, which would be part of the runtime behavior because it's about the correct handling during execution rather than a missing instruction or system call problem. + +Therefore, I think this bug should be classified as a runtime error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1761535 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1761535 new file mode 100644 index 000000000..c675784d9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1761535 @@ -0,0 +1,13 @@ +<think> +Alright, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's break down the information provided. + +The user is using qemu-aarch64-static to run an arm64v8/openjdk image on an x86 machine. They encountered a hang when using QEMU master version but not with older versions (2.5.0 and 2.11.1). + +When they tried to reproduce, the container hangs and produces a core dump. The terminal shows a segmentation fault (signal 11), which is a runtime error. Segmentation faults typically occur when a program tries to access invalid memory addresses. + +The coredump indicates that the issue happens during the execution of the Java compiler (javac). This suggests it's not an instruction-level problem because the code was running but crashed due to incorrect memory access, which is more about runtime behavior than a specific instruction or syscall. + +So, considering these points, the bug is related to runtime errors. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1763 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1763 new file mode 100644 index 000000000..b14b8c085 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1763 @@ -0,0 +1,25 @@ +<think> +Okay, so I'm trying to classify this bug report about ldd failing when using qemu-aarch64 within Docker. The user provided some steps and an additional warning message. + +First, let me understand what's happening here. They ran a Docker container with arm64v8/ubuntu:16.04 and tried to run 'ldd /bin/ls'. But they got an error where ldd exited with code 139. The warning mentions that the image platform doesn't match the host, which is amd64, so Docker might be running in compatibility mode or something. + +The issue seems related to using qemu-user-static for cross-architecture execution. From what I know, qemu-user-static allows running binaries of different architectures on a host machine, like running ARM code on an x86_64 machine. So when they run the container with arm64v8 image on an amd64 host, Docker probably uses qemu to emulate the ARM environment. + +Now, ldd is a tool that shows the shared libraries required by a binary. In this case, it's failing inside the container. The error code 139 suggests a segmentation fault because in Unix-like systems, exit codes above 128 often indicate signals; specifically, 139 is 128 + 11 (SIGSEGV). So ldd is crashing with a segfault. + +Looking at the issue link provided, it's about multiarch/qemu-user-static. The problem might be that qemu isn't properly handling the execution of certain binaries or system calls in this context. + +Now, to classify this bug into one of the given categories: instruction, syscall, runtime. Let's break down each category. + +- **Instruction**: This would involve a faulty CPU instruction being executed. Maybe if there was an invalid opcode causing the crash. +- **Syscall**: An error related to system calls, like a syscall not being handled correctly by qemu or the host. +- **Runtime**: Other runtime errors that don't fall into instructions or syscalls. + +In this case, ldd is crashing with SIGSEGV. That could happen if there's an invalid memory access. Since we're dealing with cross-architecture emulation, perhaps qemu isn't correctly translating some memory operations, leading to a crash when running ldd. + +Looking deeper, the problem might be in how qemu handles certain instructions or memory accesses when emulating ARM64 on an x86_64 host. It could also involve system calls if the emulation of syscalls is causing issues, but I'm not sure yet. + +But given that it's a crash (segfault), and without more specific info about whether it's an instruction issue or a syscall problem, maybe it's safer to classify it under runtime since it's a general runtime error during execution, not specifically tied to an instruction or a system call. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1765970 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1765970 new file mode 100644 index 000000000..17c6345b2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1765970 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out what category this bug falls into. The user reported that after upgrading QEMU from version 2.10.1 to 2.11.1 on their Gentoo host, they started encountering a segfault in qemu-arm when running Python and importing the portage module within a uclibc-ng chroot. They mentioned that other ARM chroots using glibc or musl don't have this issue, which is interesting. + +They also provided a backtrace from GDB showing where the segfault occurs. The trace indicates it's happening in `cpu_tb_exec` at `cpu-exec.c:167`. From what I know, QEMU uses TCG (Translation Cornucopia) for dynamic translation of guest code into host code. So any issues here could be related to how QEMU handles instruction execution or memory management. + +The user did some bisecting and found that a specific commit introduced the problem. They reverted a change related to `MAX_RESERVED_VA` from 0x77000000 to a different value, which fixed the issue for them. I'm not entirely sure what `MAX_RESERVED_VA` does, but it sounds like it's related to memory reservation or address space management in QEMU. + +Looking at the possible categories: instruction, syscall, runtime. The bug seems to be happening during runtime because it occurs while executing code (specifically Python importing a module). It's not a faulty instruction per se, nor is it directly related to a system call. Instead, it's an issue that arises when QEMU is running and handling the guest's execution. + +So, considering all this, I think the category should be 'runtime'. +</think> + +The bug occurs during runtime when executing code in the uclibc-ng chroot, specifically within QEMU's TCG subsystem, leading to a segfault. This isn't an issue with an instruction or syscall but rather how QEMU handles execution. + +**Answer:** runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1768 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1768 new file mode 100644 index 000000000..d73c24552 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1768 @@ -0,0 +1,9 @@ +<think> +Alright, let's see. The user provided a bug report related to QEMU where they couldn't allocate more than 2GB on a 32-bit platform that should support up to 4GB. They included steps to reproduce and some code snippets. + +The problem seems to be in the functions pageflags_find and pageflags_next within user-exec.c. The issue is with the third parameter being target_long instead of target_ulong, causing sign extension issues when converting to uint64_t. That makes me think it's a type mismatch leading to incorrect calculations or allocations beyond 2GB. + +Looking at the classification options: instruction, syscall, runtime. Since this isn't about an instruction or a system call error but rather how memory is managed during execution, it falls under runtime issues. The bug occurs while running the program due to incorrect handling of parameters in those functions. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1768246 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1768246 new file mode 100644 index 000000000..e23ebfb28 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1768246 @@ -0,0 +1,17 @@ +<think> +Alright, let's try to figure out how to classify this bug report. The user provided an error message from QEMU when running OpenJDK on qemu-sh4. The error is an assertion failure at cpu-exec.c:648 in the function cpu_loop_exec_tb, specifically that `use_icount` failed. + +First, I need to understand what each category means: + +- **Instruction**: This would involve issues with specific CPU instructions not being handled correctly. +- **Syscall**: Problems related to system calls made by the guest OS or applications. +- **Runtime**: Other runtime errors that don't fall into instruction or syscall categories. + +Looking at the error, it's an assertion about `use_icount`. I remember that in QEMU, `icount` refers to instruction counting, which is used for timing and ensuring deterministic execution. The assertion failure suggests that somewhere in the code, the expectation that `use_icount` is true (or set) isn't met. + +This seems like a runtime issue because it's about how the emulator handles execution, not necessarily a problem with an individual instruction or a system call. The crash happens during the normal operation of running Java via OpenJDK, indicating a problem in how QEMU manages its internal state or processes during execution. + +I don't see any mention of specific instructions failing or system calls causing issues. It's more about the emulator's internal mechanisms for counting and timing instructions, which falls under runtime operations. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1773743 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1773743 new file mode 100644 index 000000000..e251a57f8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1773743 @@ -0,0 +1,13 @@ +<think> +Okay, I'm trying to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's break down what the user described. + +The issue occurs when using QEMU with specific options and then attaching GDB. The command `qemu-x86_64` is run with `-E LD_PROFILE=libc.so.6` which seems to enable profiling for a library, `-g 12345` sets up a gdbserver, and `-L /` specifies the root directory. Then, in another window, GDB connects to this server and continues execution. + +The problem is that QEMU segfaults when `sigprof` is passed to GDB. The user mentions that they patched `gdbstub.c` to ignore `SIGPROF`, which stops the segmentation fault but means they can't catch profiling signals in GDB anymore. + +So, what's happening here? Profiling involves sending `SIGPROF` signals when certain events happen (like function calls). When QEMU is running under a debugger (GDB), it might mishandle these signals. The issue isn't with the instruction execution or a specific system call but rather how signals are being processed at runtime. + +The crash happens during runtime due to improper handling of `SIGPROF` signals, which suggests that the bug falls under runtime errors. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1774149 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1774149 new file mode 100644 index 000000000..b0f95093f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1774149 @@ -0,0 +1,21 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. + +First, let's understand what the issue is about. The user is running QEMU with gdbserver and encountering problems when calling functions from GDB. Initially, they get an error about not being able to fetch registers like "fs_base" and "orig_rax". They applied a patch which fixed that but then faced another issue where function calls in GDB only worked once. The second time, it couldn't access memory at a certain address. + +Looking deeper, the user provided two patches. The first was in gdbstub.c, modifying how registers are handled, specifically returning 8 or 4 bytes for x86_64 and i386 respectively. This suggests that GDB was requesting register sizes that QEMU wasn't handling correctly, possibly because these are considered "fake" registers not actually present on the CPU but needed by GDB. + +The second patch was in exec.c, modifying how memory is accessed, specifically allowing writes if either PAGE_WRITE or PAGE_WRITE_ORG flags are set. This indicates an issue with page permissions—after the first function call, a page became read-only, preventing further modifications like setting breakpoints on the stack. + +Now, considering the categories: + +- **Instruction**: This would involve issues with how specific CPU instructions are handled. The problems here don't seem to be about incorrect instruction execution but rather about memory access and register handling. + +- **Syscall**: Issues related to system calls. There's no mention of syscalls failing or behaving incorrectly, so this doesn't fit. + +- **Runtime**: This category covers other runtime errors not related to instructions or syscalls. The issues here involve memory permissions and how the debugger interacts with the process in QEMU's environment, which are runtime problems affecting debugging functionality. + +Therefore, the bug falls under the "runtime" category because it involves how the program runs within QEMU, specifically regarding memory access and register handling during debugging. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1777226 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1777226 new file mode 100644 index 000000000..1a451ebbf --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1777226 @@ -0,0 +1,27 @@ +<think> +Okay, so I'm trying to classify this bug report about qemu-user emitting warnings that are confusing userland applications. The user provided an example where the configure script for OpenJDK-11 on qemu-sh4 is giving errors because it's interpreting qemu's warning as part of its own output. + +First, I'll read through the problem description again. They mention that qemu emits a warning about an unsupported syscall (number 318), which gets picked up by the configure script, causing it to fail. The user suggests that redirecting these warnings away from stdout/stderr would fix the issue. + +Now, looking at the possible categories: instruction, syscall, runtime. Let me think about each one. + +- **Instruction**: This category is for bugs where a specific instruction is faulty. Here, the problem isn't with an instruction but rather with warning messages being outputted. So probably not this one. + +- **Syscall**: The error in the example is about an unsupported syscall (number 318). That seems relevant because it's related to how qemu handles system calls. But wait, the main issue here is that the warnings are causing problems for applications reading stdout/stderr, not necessarily the handling of the syscall itself. + +- **Runtime**: This category covers other runtime errors that don't fit into instruction or syscall. Since the problem occurs during the execution when qemu emits these warnings which interfere with application output, it might fall under runtime issues because it's about how the emulator behaves while running applications. + +Wait, but the warning is specifically about a syscall not being supported. So perhaps it's more directly related to handling syscalls in qemu. The user points out that this specific error occurs during a syscall, which suggests that the problem is with how qemu handles certain system calls and then emits warnings that interfere with application output. + +But the classification isn't about whether the issue is with a syscall itself but rather what category it falls into based on the given options. The bug report's primary concern is that the warning messages are causing issues, which could be seen as a runtime problem because they affect how applications run under qemu. + +Hmm, I'm a bit torn between 'syscall' and 'runtime'. Since the warning is about an unsupported syscall (318), it seems related to syscalls. However, the issue arises from the warnings themselves interfering with application output, which could be considered a runtime behavior of qemu. + +Wait, looking back at the possible categories, the instruction category doesn't fit here because we're not dealing with specific CPU instructions but rather system calls and warning messages. So between syscall and runtime. + +The problem is that when qemu handles an unsupported syscall, it outputs a warning to stderr or stdout, which affects applications expecting clean output. Therefore, the issue is about how qemu's warnings are handled during runtime, interfering with application output. + +So I think 'runtime' would be the appropriate category because it's about how qemu behaves while running applications and emitting warnings that cause issues for those applications. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1779 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1779 new file mode 100644 index 000000000..edb970e34 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1779 @@ -0,0 +1,25 @@ +<think> +Okay, so I'm trying to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me go through it step by step. + +The problem description mentions that PowerPC AltiVec source vector subnormal values are not flushed to zero. It says that according to the specification, both source and result vectors should be flushed in NJ mode, but only results are being flushed. + +Looking at the steps to reproduce, they compile a Rust program using the altivec target feature. The function 'add' uses AltiVec instructions to add two floats. When adding -1.0857398e-38 and 0., the result is expected to be zero with positive sign because if the subnormal input was flushed, it would become +0, but since only output is flushed, it's resulting in -0. + +The issue seems to arise from how the AltiVec unit handles subnormal numbers. The program expects that both source and result vectors are flushed, but only results are being handled correctly. + +Now, looking at the categories: + +- Instruction: This would be if there was a problem with a specific instruction or its behavior. +- Syscall: If it's related to system calls not working as expected. +- Runtime: Errors happening during runtime that aren't necessarily due to instructions or syscalls. + +In this case, the issue is about how AltiVec handles subnormal values in vectors. It's an error in how the hardware (or emulator) processes these values, specifically during vector operations. Since it's related to instruction handling—specifically, how the Altivec unit flushes subnormals—it might seem like an instruction issue. + +But wait, the problem is about the way QEMU emulates the AltiVec instructions. It's not a bug in the hardware instruction but in how QEMU is implementing the behavior of those instructions. So it's more about runtime behavior because it's during execution that the incorrect flushing happens. + +Therefore, this falls under 'runtime' errors. +</think> + +The issue arises from how QEMU emulates AltiVec instructions, specifically regarding subnormal value handling during runtime. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1779634 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1779634 new file mode 100644 index 000000000..c3aac8fe3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1779634 @@ -0,0 +1,20 @@ +<think> +Alright, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me go through each point step by step. + +The user is running x86_64 binaries on an aarch64 system using QEMU's user-mode emulation. They've set up binfmt_misc to use the static qemu-x86_64 interpreter. When they run their Docker container and execute the firmware upgrade tool, they encounter "Synchronous External Abort" errors in dmesg. + +Looking at the error message, it mentions a synchronous external abort at a specific memory address. This suggests that the CPU encountered an exception during execution. Synchronous aborts typically occur when there's an issue with the instruction being executed or the data access. + +In this context, since they're using QEMU to emulate x86_64 on aarch64, the problem might be in how the emulator handles certain instructions or memory accesses. The error happens during runtime when executing the tool inside Docker. + +Possible causes could include a misconfiguration in binfmt_misc, incorrect QEMU setup, or an issue with the binary being executed. It's also possible that there's a bug in the QEMU user-mode emulation for x86_64 on aarch64. + +Considering the categories: +- Instruction: If it was a specific faulty instruction causing the problem. +- Syscall: If the error were related to system calls between the host and guest. +- Runtime: Since this is an error that occurs during execution, likely due to how QEMU handles certain operations at runtime. + +Given that the issue arises when running the tool inside Docker using the emulated environment, it's more about runtime behavior rather than a specific instruction or syscall issue. The emulator might be failing to handle a particular operation correctly during runtime, leading to the abort. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1785734 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1785734 new file mode 100644 index 000000000..7f04c403b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1785734 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report about QEMU into one of three categories: instruction, syscall, or runtime. + +Looking at the description, the issue involves a movdqu instruction causing a partial write across a page boundary when executed in TCG mode. The test shows that when such an instruction is attempted, it results in a page fault and partially writes to memory before handling the fault. + +The problem seems to stem from how the emulator handles this specific instruction's execution, particularly at a page boundary where a page fault occurs. It's related to the processing of the instruction during runtime rather than any system call or an issue with instructions themselves. The runtime environment is not correctly managing the partial write scenario caused by the movdqu instruction. + +So, this bug is about how QEMU handles the execution of this instruction at a low level during runtime, leading to unexpected memory writes. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1793539 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1793539 new file mode 100644 index 000000000..46567d2f5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1793539 @@ -0,0 +1,19 @@ +<think> +Okay, so I have this bug report where someone is trying to build gedit for RISC-V and they're encountering an issue with QEMU. The error message says something about receiving a signal outside the vCPU context at specific program counters. I need to figure out which category this bug falls into: instruction, syscall, or runtime. + +First, let me understand what's happening here. They're running gedit using qemu-riscv64 and providing some environment variables. The error message mentions signals being handled outside of the virtual CPU context. QEMU is an emulator that provides a virtualized environment for running different architectures, so in this case, it's emulating RISC-V. + +The error occurs during runtime because they're executing gedit after building it. The signals are being received when the program is running, not necessarily at build time. So that makes me think it's related to something happening while the application is executing within QEMU. + +Now, looking at the possible categories: + +1. Instruction: This would involve issues with specific CPU instructions. If QEMU couldn't handle a particular instruction, we might see errors about unknown or unimplemented opcodes. But here, it's about signals outside vCPU context, which doesn't seem to be an instruction issue. + +2. Syscall: Errors related to system calls could occur if the guest OS is making syscalls that QEMU isn't handling properly. However, the error message doesn't mention anything specific about syscalls failing or being unhandled. It's more about signals and context. + +3. Runtime: This category covers other errors during runtime that don't fall into instructions or syscalls. The problem here seems to be with how QEMU is handling exceptions or signals outside of the virtual CPU context, which could cause instability or crashes in the emulated environment. Since it's a runtime error related to signal handling within QEMU itself, this fits better under runtime issues. + +So putting it all together, the issue isn't about an instruction being faulty or a syscall problem but rather something happening during the execution of the program that causes QEMU to mishandle signals outside its expected context. Therefore, it's classified as a runtime error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1796520 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1796520 new file mode 100644 index 000000000..8f28404b6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1796520 @@ -0,0 +1,9 @@ +<think> +Okay, I need to classify this bug report for QEMU. The issue occurs when running "autogen --help" on qemu-sh4-user after a specific commit, resulting in an unhandled trap. The error message shows a trap 0x180 and various register states. + +Looking at the commit details, it's about adding missing FPSCR.PR == 0 checks for frchg and fschg instructions. This suggests that without these checks, the code might be causing incorrect behavior when PR isn't zero. + +The crash happens during runtime, so this is an execution issue rather than a problem with an instruction or syscall. Therefore, the category should be "runtime". +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1798 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1798 new file mode 100644 index 000000000..7f853a81d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1798 @@ -0,0 +1,11 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report about converting malloc/calloc/free to g_malloc/g_new/g_free etc in QEMU. The possible categories are instruction, syscall, or runtime. + +First, I need to understand what each category means. "Instruction" would involve a problem with an assembly instruction, which doesn't seem relevant here. "Syscall" relates to system calls, so if the issue was about how the program interacts with the OS through syscalls, that might fit. But this bug is about memory management functions. + +The report mentions converting standard C library functions like malloc and free to their GLib equivalents, g_malloc and g_free. This suggests it's an issue during runtime when these functions are used, possibly causing memory leaks or incorrect allocations. Since the problem arises while running the program due to improper memory handling, it falls under "runtime" errors. + +So, I think the category is runtime because it's about how memory is managed at runtime rather than issues with instructions or system calls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1799200 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1799200 new file mode 100644 index 000000000..895fb0c07 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1799200 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. The user provided some code snippets and a call stack from QEMU where a crash occurred. Let me try to understand what's going on. + +Looking at the code, in i386_tr_insn_start, they're inserting custom TCG helper functions. They create a pointer with tcg_const_ptr and pass it to gen_helper_mad_exec. Then they proceed as usual. + +The call stack shows that the crash happens in tcg_emit_op during an op_movi_i64 operation. The trace leads through several functions related to generating code, specifically around TCG operations and instruction generation in QEMU's target i386 code. + +So the issue isn't about a faulty CPU instruction or a syscall error. Instead, it seems like there's a runtime problem within the translation process when generating intermediate code for execution. The crash happens during the execution of the generated code, which suggests that something went wrong in how the TCG helper functions were integrated or how memory is being handled. + +Therefore, this bug should fall under the 'runtime' category because it's an error occurring at runtime due to improper handling within the QEMU accelerator. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1805 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1805 new file mode 100644 index 000000000..3c449d77f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1805 @@ -0,0 +1,19 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue is about a CI job called `build-user-hexagon` not correctly testing Hexagon. The user provided logs showing that the compiler being used is x86_64 GCC instead of the intended Hexagon cross-compiler. They noticed that the toolchain installs clang but doesn't rename it to something target-specific, so the build system uses the native compiler. + +The problem arises during configuration when Meson tries to use `clang` as a native compiler, which fails because it's actually meant for Hexagon. The user suggests renaming the compiler binary and setting the cross-prefix correctly. + +This seems like an issue with how the build environment is set up, specifically in the CI container. It's about misconfiguration leading to using the wrong compiler, causing build failures. Since this affects the compilation step, which happens at build time rather than runtime, but I'm not sure if it fits into 'runtime' errors. + +Wait, 'instruction' refers to faulty instructions, like assembly issues. 'Syscall' is about system calls failing. This problem isn't about either of those; it's more about the build configuration and toolchain setup. So maybe none of these categories fit perfectly, but perhaps 'runtime' could be a stretch if it affects execution somehow. + +But actually, since this issue occurs during the build process due to incorrect compiler usage, it might not fall directly into any of these three categories provided. However, among instruction, syscall, and runtime, I'm leaning towards 'instruction' because it's about how the compiler is being used or instructed incorrectly. But that feels a bit off. + +Alternatively, perhaps this doesn't fit neatly into any of these categories, but since I have to choose one, maybe 'runtime' isn't accurate either. Hmm, maybe I should consider whether this affects runtime behavior. If the build uses the wrong compiler and produces incorrect binaries, then running those would cause issues at runtime. But the problem described is about the CI job not testing Hexagon correctly during build time. + +I think the best fit might be 'runtime' because it's an error that occurs when trying to run code (Meson tries to check if executables are runnable), but I'm not entirely sure. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1807 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1807 new file mode 100644 index 000000000..a22b0b054 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1807 @@ -0,0 +1,36 @@ +<think> +Okay, so I'm looking at this bug report where someone is trying to run a C++ program compiled for SPARC64 architecture on Ubuntu 23.04 using QEMU. The issue they're facing is that when they run their program with qemu-sparc64-static, it results in a segmentation fault. They also tried other QEMU variants like sparc and sparc32plus, but those just say the ELF image is invalid for that architecture. + +First, I need to figure out what's going on here. The user wrote a simple program that uses puts to print "Hello World". When they compile it statically with sparc64-linux-gnu-g++, the executable is created, but when run under QEMU, it crashes with a segfault. + +Looking at the steps: + +1. They check the version of g++ for SPARC64 and it's fine. +2. They create a test.cpp file with puts. +3. They compile it statically to avoid dependency issues, which makes sense because if they don't, QEMU might not have the right shared libraries. +4. Then they run it under qemu-sparc64-static, but get a segmentation fault. + +I remember that SPARC64 is a 64-bit architecture, and sometimes there can be issues with how different parts of the system handle 64-bit code versus 32-bit. But in this case, since they're using the static compiler, it should include all necessary dependencies within the executable. + +The segmentation fault when using printf or puts suggests that something is going wrong in the C runtime library. Maybe there's an issue with how the SPARC64 emulator initializes the stack or handles certain instructions related to I/O functions. Alternatively, perhaps the QEMU version they're using has a bug in its emulation of the SPARC64 architecture, especially when it comes to handling system calls that printf would make. + +Another possibility is that the static linking isn't correctly setting up some environment variables or necessary libraries for the program to run properly under QEMU. Or maybe there's an issue with how the g++ compiler on Ubuntu handles certain optimizations or code generation for SPARC64, leading to incompatible binaries when run in the emulator. + +I also notice they tried running it without the 64-bit variant and got invalid ELF errors, which makes sense because those emulators expect different architectures. So the problem is specific to the sparc64-static version of QEMU. + +Considering the categories provided: instruction, syscall, runtime. The segmentation fault typically occurs at runtime when accessing memory improperly or due to a bug in the program or libraries. Since this happens during execution and not necessarily during compilation or linking, it's likely a runtime issue rather than an instruction-level problem. However, I should consider whether it's a problem with how system calls are handled by QEMU. + +Wait, if the segfault is happening in puts, which involves a system call to write to stdout, maybe there's an issue with how QEMU handles these syscalls for SPARC64. That could fall under the syscall category. But sometimes, issues can be more about the environment setup rather than thesyscall itself. + +Alternatively, if it's a problem within the code generated by g++, perhaps the way it's handling stack frames or function calls isn't compatible with QEMU's SPARC64 emulation, leading to runtime errors like segfaults. + +Hmm. I think the key here is that the issue arises during runtime when trying to execute puts. Since it's not a problem with compiling or linking (the executable is created successfully), but rather when running under QEMU, it's more likely related to how the program interacts with the emulator at runtime. So this would fall under the 'runtime' category. + +But wait, I should also consider if it's an issue with QEMU itself not handling certain system calls correctly for SPARC64. That might be a syscall problem because puts relies on syscalls like write(). If QEMU isn't properly emulating those syscalls for 64-bit SPARC, that would cause the crash. + +However, since the user is using static linking and the program works when run natively (if it did), but fails under QEMU, I think the issue might be more about how QEMU handles certain runtime aspects specific to SPARC64 binaries. Therefore, classifying it as a runtime error seems appropriate because it's happening during execution due to some incompatibility or bug in the emulator. + +So, putting it all together, the problem is likely related to the runtime environment provided by QEMU for SPARC64 when executing certain system calls or library functions. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1808563 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1808563 new file mode 100644 index 000000000..660597937 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1808563 @@ -0,0 +1,15 @@ +<think> +Alright, I'm trying to classify this bug report for QEMU. Let's see what's going on here. The user is experiencing an issue where listing the contents of '/' using qemu-arm doesn't show the expected directories but instead shows something related to QEMU_LD_PREFIX. + +So, in their example, when they run 'ls /', it lists 'etc lib usr' which seems to be the contents of the directory set by QEMU_LD_PREFIX. But when they actually run 'ls /' on their system, it's showing a normal filesystem structure with boot, bin, etc. This suggests that when using qemu-arm, the root directory is being remapped or intercepted incorrectly. + +Looking at strace output, there's an openat call targeting '/tmp/qemu/usr/armv7a-cros-linux-gnueabi', which indicates that QEMU is trying to access a different directory than intended. The user also mentions that changing the code to use chdir("/"); opendir(".") works fine, implying that it's related to how directories are being opened or handled in QEMU. + +Now, thinking about the categories: instruction, syscall, runtime. Instruction issues would involve incorrect assembly or specific CPU instructions causing problems. Syscall errors relate directly to system calls like open, read, etc., not working as expected. Runtime issues could encompass a broader range of operational problems during execution that aren't tied to specific instructions or syscalls. + +In this case, the problem seems to be with how QEMU is handling directory operations when using certain prefixes. It's causing files in the wrong directory to be listed. The strace shows openat being used on the QEMU_LD_PREFIX path instead of the actual root. This points more towards a runtime issue because it's about the execution environment and how directories are handled, possibly due to configuration or setup within QEMU rather than a faulty instruction or a problem with individual syscalls. + +So I think this is a runtime bug because it's related to how QEMU operates during execution when handling directory lookups, specifically when certain prefixes are set. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1808565 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1808565 new file mode 100644 index 000000000..dd7939984 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1808565 @@ -0,0 +1,15 @@ +<think> +Alright, so I'm trying to figure out how to classify this bug report related to QEMU. The user mentioned that when they read `/proc/self/task/<pid>/maps` in QEMU 3.1.0, it doesn't get remapped correctly. They noted that the code handling `is_proc_myself` supports remapping for some proc files but not others like `/proc/self/task/<tid>/maps`. Extending this function would fix the issue. + +First, I need to understand what each category means. The categories are instruction, syscall, and runtime. + +- **Instruction** refers to issues with individual machine instructions or assembly code. +- **Syscall** involves errors in system calls made by the program. +- **Runtime** covers other runtime errors not related to instructions or syscalls. + +This bug seems to involve how QEMU handles certain proc filesystem entries during execution, specifically when trying to remap `/proc/self/task/<tid>/maps`. It's about how the process is managed and data structures are handled at runtime. The function `is_proc_myself` isn't handling these specific files, leading to incorrect mapping. + +Since it's related to the code not properly handling certain file paths in the proc filesystem during runtime, this falls under a runtime error. There's no mention of specific instructions or syscalls failing; rather, it's about how the process is being managed while running. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1812 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1812 new file mode 100644 index 000000000..6057ebfa8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1812 @@ -0,0 +1,19 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me go through the details step by step. + +The problem is that older aarch64 programs are segfaulting when run under qemu-aarch64 after a specific commit. The user provided steps to reproduce the issue, which involves setting up a chroot environment with an old userspace (Debian jessie or Ubuntu xenial) and then running qemu-aarch64 on /bin/ls inside that chroot. This results in a segmentation fault. + +The user mentions that not all programs fail—dash works, but ls and bash do not. They also note that reverting the mentioned commit fixes the issue. The problem started after commit 59b6b42cd3446862567637f3a7ab31d69c9bef51 in QEMU, which suggests something changed in how QEMU handles these programs. + +Now, considering the categories: + +- **Instruction**: This would involve a specific instruction causing issues. The report doesn't mention any particular instructions failing or disassembler errors, so this seems less likely. + +- **Syscall**: If it were a syscall issue, we might expect problems with system calls between the host and guest. However, dash works, which is a shell that makes many syscalls, but ls doesn't, suggesting it's not a general syscall problem. + +- **Runtime**: This category covers other runtime errors, such as issues during execution like memory management or CPU feature handling. The segfaults suggest something is wrong in the execution environment. Since older userspace might not handle recent CPU features correctly when emulated, this seems to fit. QEMU's changes could be causing compatibility issues with how the old binaries interact with the emulated CPU. + +The problem likely arises from how QEMU is handling certain instructions or features that older binaries aren't prepared for, leading to segfaults during execution. This aligns with a runtime issue rather than a specific instruction or syscall error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1812451 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1812451 new file mode 100644 index 000000000..5fcfcb112 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1812451 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU's TFTP server component. The issue seems to be related to an arbitrary file read vulnerability on Windows hosts. Let me break it down step by step. + +First, looking at the code snippet provided from tftp.c line 343. It checks if the requested filename starts with "../", ends with a '/', or contains "/../". If any of these are true, it sends an error and returns, preventing the access. This is intended to block directory traversal attacks by ensuring that files can't be accessed outside the intended directory. + +However, the problem arises because this check only considers forward slashes ('/') as path separators. On Windows systems, paths use backslashes ('\') instead of forward slashes. So, a malicious request could use backslashes to bypass these checks and escape the restricted directory. + +For example, if someone sends a filename like "..\..\Windows\system32\cmd.exe", the current checks wouldn't catch it because they're looking for '/' not '\'. This allows the attacker to read files outside the TFTP directory on a Windows host, which is a security vulnerability. + +Now, considering the categories provided: instruction, syscall, runtime. The issue here isn't about an incorrect instruction or a problem with system calls directly. It's more about how the code handles certain inputs during runtime, specifically not accounting for different path separators in Windows. This oversight leads to a security flaw where improper input handling allows unauthorized file access. + +Therefore, this bug is best classified under "runtime" because it occurs due to incorrect handling of input during the execution of the program. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1812861 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1812861 new file mode 100644 index 000000000..cb783d001 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1812861 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. The user provided some code that causes a crash when run under QEMU in user-mode emulation. The code is pretty simple: it defines a function pointer pointing to an invalid address and then tries to call it. + +When they run the program using qemu-arm-static, they get an error about a failed assertion related to tb_lock, which stands out because usually you'd expect just a segmentation fault message. They also mention that the expected result is different—it should show a core dump with signal 11 (Segmentation fault) instead of these assertion errors. + +Looking at the possible categories: instruction, syscall, runtime. The issue here seems to be happening when QEMU tries to execute an invalid address. That would likely involve how QEMU handles invalid memory accesses or function calls to non-existent addresses. + +The error message mentions translate-all.c and tb_lock, which makes me think it's related to the translation block locking mechanism in QEMU. This suggests that during emulation, something is going wrong when trying to lock a translation block because another thread might already hold the lock. But since this is user-mode emulation, perhaps it's not handling the invalid function call correctly. + +Since the crash isn't just a simple segmentation fault but involves internal assertions failing, it points more towards an issue in how QEMU handles runtime errors or specific instructions rather than a syscall or an outright instruction fault. The problem arises during execution when trying to jump to an invalid address, which falls under runtime behavior because it's about how the emulator manages such situations at runtime. + +So I'm leaning towards 'runtime' as the category because it's about unexpected behavior during the execution of the program rather than a specific instruction being faulty or a syscall issue. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1813398 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1813398 new file mode 100644 index 000000000..c24692e5c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1813398 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. + +Looking at the problem description, it's about QEMU hanging when using malloc after a fork in a multi-threaded process on a Musl-based system. The issue arises because QEMU calls malloc in a pthread_atfork handler, which isn't safe since the parent is multi-threaded. + +The stack trace shows that the hang occurs at the malloc function called during a fork. This seems to be happening at runtime when certain threads interact with the fork syscall and memory allocation functions concurrently. + +Since the problem happens while running the program and involves interactions between threads and system calls, it doesn't seem to be an issue with an individual instruction or a direct error in the syscall itself. Instead, it's related to how resources are managed during runtime, especially around forking and thread safety. + +Therefore, this bug should fall under the 'runtime' category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1814128 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1814128 new file mode 100644 index 000000000..fa66bc344 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1814128 @@ -0,0 +1,27 @@ +<think> +Alright, I'm looking at this bug report related to QEMU and trying to classify it into one of three categories: instruction, syscall, or runtime. Let me go through each part step by step. + +First, the provided information includes details about the ELF file structure, sections, program headers, dynamic section entries, etc. This seems more technical and low-level, focusing on how the binary is structured and how it's loaded into memory. + +Looking at the sections, I see things like .text, .data, .bss, which are standard in binaries. The program headers mention LOAD segments with certain permissions (R, E for execute), DYNAMIC entries, TLS, GNU_EH_FRAME, etc. These details relate to how the binary is executed and managed by the system. + +The dynamic section lists various tags like INIT, FINI, INIT_ARRAY, etc., which are related to the startup and shutdown of the program, including function pointers for initialization and finalization routines. This ties into runtime processes because these functions are called when the program starts or exits. + +The presence of GNU_HASH indicates the use of a specific symbol hashing method, which is part of the dynamic linking process. Symbols like .dynsym and .dynstr are also involved in dynamic linking, which occurs at runtime when shared libraries are loaded. + +Tags like DEBUG might point to debugging information, but the absence of a debugger setup doesn't directly indicate an error category here. The GNU_RELRO (Relocatable Read-Only) segment is about security hardening, preventing certain types of attacks by making parts of memory non-writable after relocation. However, this is more about binary structure than runtime errors. + +The note sections like .note.ABI-tag and .note.gnu.build-id are informational and don't indicate a bug in the instruction set or syscalls. The GNU_STACK entry specifies stack permissions, which relates to program execution but not directly to an error unless there's a specific issue with stack overflow or permissions causing crashes. + +Looking at possible categories: + +1. **Instruction**: This would involve issues like incorrect opcodes, assembly-level bugs, or processor-specific issues. The information here doesn't point to any faulty instructions; it's more about binary structure and runtime setup. + +2. **Syscall**: Errors here would involve problems with system calls made by the program, such as incorrect parameters, permissions, or handling. There's no mention of syscalls in this report, so this category seems less likely. + +3. **Runtime**: This covers errors that occur during the execution of the program, including issues related to initialization, dynamic linking, memory management, and other runtime processes. The presence of INIT, FINI, array entries, and dynamic section details suggests that any issues here would affect how the program runs once it's loaded. + +Given all this, I think the bug report is most likely related to runtime errors because it deals with how the program initializes, links dynamically, and manages its execution environment. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1818483 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1818483 new file mode 100644 index 000000000..39e4393ea --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1818483 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU user mode and binfmt_misc configuration issues. Let me read through it carefully. + +The issue arises when using qemu-user-static in a chroot environment. When they run certain tests, like with the Devscripts module, the output includes unexpected full paths. For example, instead of just "tar" being mentioned, it's "/bin/tar". They traced this back to how the binfmt_misc configuration is set up. + +The user tried modifying the flags in binfmt_misc by adding "P", which changes how arguments are passed. But when they did that, QEMU didn't handle the new argument correctly because it now received an extra argv[0] parameter. This caused issues with starting bash in chroot since the argument list was unexpected. + +They then modified the QEMU code to adjust how it parses the input arguments. Now, QEMU can handle the additional parameters and correctly extract the original command from argv[2]. + +The user is asking if there's a way for binfmt_misc to pass an additional flag or environment variable to QEMU so that QEMU knows how to parse the arguments based on the binfmt Misc settings. + +So, considering the possible categories: instruction, syscall, runtime. The issue seems to be with how arguments are handled at runtime within QEMU when interacting with binfmt Misc. It's not a problem with an instruction or a system call directly but more about argument parsing during execution. + +Therefore, this bug falls under the "runtime" category because it's an error that occurs while the program is running due to unexpected argument handling. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1819 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1819 new file mode 100644 index 000000000..efa09dea7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1819 @@ -0,0 +1,13 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report. The user provided a problem where running 'rpm -qa' inside a Docker container based on CentOS 7 for arm/v7 architecture results in a segmentation fault. They mentioned that this is part of QEMU. + +First, I'll break down the issue. The Docker image was pulled with an arm/v7 tag, but when they ran it on their host machine (which is amd64), Docker gave a warning about platform mismatch because it detected the host as linux/amd64 instead of the expected arm. Then, inside the container, running 'rpm -qa' caused a segmentation fault. + +Segmentation faults typically happen due to invalid memory access. In this case, since the container is for arm and the host is amd64, I'm thinking about how Docker handles different architectures. When you run an image that's built for a different architecture than the host, Docker might use binary translation or QEMU emulation to run it. + +If Docker uses QEMU for running the arm image on an amd64 host, any issues during this process could cause runtime errors. A segmentation fault in 'rpm -qa' suggests that when the container starts and runs the command, there's a problem in how the emulator is handling certain instructions or syscalls. + +Now, considering the categories: instruction, syscall, runtime. Since it's an emulation issue likely causing invalid memory access during execution, this would be a runtime error because it happens while the program is running, not necessarily due to a faulty instruction or a syscall error specifically. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1821515 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1821515 new file mode 100644 index 000000000..e76f73a84 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1821515 @@ -0,0 +1,19 @@ +<think> +Alright, so I'm looking at this bug report about QEMU-PPC and how it's handling NaN conversions incorrectly. The user provided a C program that demonstrates the issue when run under QEMU versus on a real PowerPC system. + +First, let me understand what's happening here. The program initializes two float variables f1 and f2 as NaNs. Then it prints them out along with their memory representations. It checks if f1 is greater than or equal to f2, which should be False because in IEEE 754, NaNs are not comparable and any comparison involving NaN returns false. + +When running under QEMU-PPC, the output shows that both f1 and f2 are printed as 5.104236e+38 instead of 'nan', and their memory representations are 0x7fc00000 for float (which is correct NaN). The comparison returns True, which is incorrect because comparing two NaNs should be False. + +In the correct execution on a real PowerPC system, both f1 and f2 are correctly identified as nan, their hex values match, and the comparison returns False. Also, when casting to double, the result is correctly a NaN with the appropriate hex representation. + +The problem seems to stem from how QEMU-PPC converts float32 (single-precision) NaNs to double-precision. Instead of preserving the NaN status, it's incorrectly interpreting the float as a normalized number, leading to incorrect conversion and comparison results. + +Now, looking at the categories: instruction, syscall, runtime. The issue here isn't related to system calls or specific instructions being faulty. It seems more like an error in how QEMU handles floating-point conversions during runtime, specifically when extending single-precision NaNs to double-precision. This is part of the runtime environment because it's about how values are processed and converted as the program runs. + +So, the category should be 'runtime'. +</think> + +The bug involves incorrect handling of NaN conversion during runtime in QEMU-PPC, affecting floating-point operations rather than specific instructions or system calls. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1829459 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1829459 new file mode 100644 index 000000000..7661f3f3d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1829459 @@ -0,0 +1,17 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report for QEMU. The user provided a detailed scenario where they're running an aarch64 Gentoo guest using QEMU in user mode. When they tried to use "emerge" or ran certain commands that involve unsharing the PID namespace, they encountered an error: "qemu: qemu_thread_create: Invalid argument". + +First, I'll break down the components involved. The host is Gentoo Linux on amd64, and the guest is also Gentoo but for aarch64. They used QEMU 4.0.0 to set up the environment. When running specific commands that create a new PID namespace (like unshare --pid or using portage.process.spawn with unshare_pid=True), it fails. + +The error message points to an issue during thread creation in QEMU, specifically "Invalid argument". This suggests that QEMU is trying to perform an operation that's not allowed in the current context. Since the commands involve PID namespaces, which are a form of Linux containerization technique, I suspect that QEMU isn't handling this namespace properly. + +Looking into possible causes: The problem might be related to how QEMU interacts with the host's system calls when namespaces are involved. If QEMU doesn't support PID namespaces, any attempt to use them could lead to errors in system calls it makes, such as creating threads or other operations that rely on the current process's context. + +The user is encountering this issue during runtime of their application ("emerge"), which compiles and installs packages. The error occurs when "emerge" tries to spawn new processes within a new PID namespace. Since QEMU is involved in emulating the aarch64 environment, it might not correctly handle the isolation provided by the PID namespace, leading to invalid arguments when making system calls. + +The categories given are instruction, syscall, and runtime. The error seems to occur during runtime because it's happening while executing "emerge" after the setup. It's an issue that arises when QEMU interacts with certain syscalls in a namespaced environment, but the problem isn't just a simple invalid instruction or a straightforward syscall failure—it's more about how QEMU manages threads and namespaces at runtime. + +So, considering all this, I think the category should be "runtime" because it's an error that happens during the execution of the program when interacting with PID namespaces, which is part of the runtime environment management. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1830 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1830 new file mode 100644 index 000000000..444a09a43 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1830 @@ -0,0 +1,25 @@ +<think> +Okay, I'm trying to classify this bug report under one of the given categories: instruction, syscall, or runtime. Let me go through each step carefully. + +First, the problem is happening in a CentOS 7 arm64 container running on an Ubuntu 22 amd64 host using Docker. The user runs a command that seems to hang and take over the CPU. Specifically, they're executing `LD_DEBUG=all /lib64/ld-2.17.so --list /usr/bin/true &`, which starts a background process with PID 74. They check the process status and see that this process is using a lot of CPU time. + +Looking at the additional information provided: + +1. The issue isn't present on an Ubuntu 20.04 host doing the same thing. +2. On an AWS arm64 native machine, without QEMU binfmt, the container works fine. +3. They have multiple images built daily, but only this CentOS 7 arm64 one has the problem. +4. Using trace-cmd didn't help because it couldn't enable KVM events. +5. Built qemu-8.1.0-rc3 but thinks the old binfmt might still be in use. + +The issue seems to relate to running an arm64 container on amd64 hardware, which requires QEMU's binfmt support for emulation. The process is getting stuck and consuming CPU, suggesting a runtime problem with how QEMU or the binfmt handling is working. + +Now, considering the categories: + +- **Instruction**: This would involve a specific faulty instruction in the code causing issues. I don't see evidence of that here; it's more about execution behavior. +- **Syscall**: If there were issues with system calls (like read, write, etc.), but the problem seems to be broader than just one syscall. +- **Runtime**: This covers general runtime errors or issues during execution, which fits because the process hangs and uses CPU excessively. + +Since the problem occurs at runtime when using QEMU's binfmt to execute arm64 code on amd64, it's likely a runtime issue. It might be related to how QEMU handles certain instructions or processes in this environment. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1832353 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1832353 new file mode 100644 index 000000000..ef60bd285 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1832353 @@ -0,0 +1,21 @@ +<think> +Okay, I'm looking at this bug report where someone is encountering an assertion failure in QEMU when running a specific test case from GCC's gfortran testsuite. The error message is "cpu_exec: Assertion !have_mmap_lock() failed." They provided some context about the files involved and mentioned that they've observed similar issues on native aarch64 and arm machines, though they acknowledge that the test itself might be buggy. + +First, I need to classify this bug into one of the given categories: instruction, syscall, or runtime. Let's break it down. + +The error occurs in QEMU's CPU execution code, specifically in cpu-exec.c at line 701. The assertion is about checking whether a mmap lock is held. Mmap locks are related to memory management operations, which involve syscalls like mmap and munmap. So, the issue could be tied to how these syscalls are being handled within QEMU. + +Looking at the possible categories: + +1. **Instruction**: This would relate to a specific CPU instruction causing an issue. The error here doesn't point directly to an instruction but rather to memory management. +2. **Syscall**: Since mmap is a system call, and the lock is related to it, this might fall under syscall handling. If QEMU isn't correctly managing these locks during syscalls, it could trigger the assertion. +3. **Runtime**: This category covers other runtime errors that don't fit into instruction or syscall issues. + +The problem seems to stem from how QEMU handles mmap locks during execution. The test is causing a situation where the CPU_exec function encounters an unexpected lock state. Since this involves memory mapping operations, which are syscalls, it's plausible that the issue is with how these syscalls are being processed in QEMU. + +However, considering the context within QEMU's codebase and common issues, assertion failures like this often relate to runtime conditions where certain assumptions aren't met. The CPU execution loop might be entering a state it shouldn't, possibly due to incorrect handling of system resources during syscalls. + +So, while the issue involves syscalls (mmap), the core problem seems to be in the runtime management within QEMU's CPU execution code. Therefore, it's more aligned with a runtime error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1832916 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1832916 new file mode 100644 index 000000000..bfe8e2b1e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1832916 @@ -0,0 +1,17 @@ +<think> +Alright, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me go through it step by step. + +The bug report mentions that in Linux-user mode, QEMU doesn't check whether a page is PROT_EXEC before translating. It only verifies if the page is readable, which isn't sufficient because PROT_EXEC means the page can be executed. The issue could lead to problems where pages are treated as executable when they shouldn't be. + +Looking at the categories: + +- Instruction: This would involve issues with specific CPU instructions. But here, the problem is about memory permissions, not instruction handling. + +- Syscall: It's about system calls. The report doesn't mention any syscall errors directly; it's more about how memory pages are checked during translation. + +- Runtime: Errors that occur at runtime when executing code. This seems to fit because the issue affects how pages are handled dynamically as they're being executed, which happens at runtime. + +So, the bug relates to the handling of memory permissions during execution, making it a runtime error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1833668 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1833668 new file mode 100644 index 000000000..920023865 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1833668 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. The user is having trouble running an ARM binary on an Aarch64 system using QEMU. Let's break down the problem step by step. + +First, the user downloaded a busybox-static package intended for ARM (armel architecture). They checked the file and confirmed it's a 32-bit ARM executable. Then they tried to run it with qemu-aarch64, which resulted in an error saying it's an invalid ELF image. + +Next, they attempted specifying a CPU model, like cortex-a7, but QEMU couldn't find that model either. They also looked into the source code and noticed that while there are Aarch64 CPUs listed, there are no ARM CPUs defined in the array. This suggests that QEMU's user-mode emulation for ARM might be missing or not properly configured. + +So, what category does this fall under? The options are instruction, syscall, or runtime. Since the issue arises when trying to run the binary and it's related to CPU model support and architecture mismatch, it seems like a runtime error because it's happening while executing the program, not during compilation or system calls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1834496 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1834496 new file mode 100644 index 000000000..d2af179d5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1834496 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the details carefully. + +The user is reporting regressions when running GCC tests on QEMU targeting an ARM CPU (cortex-a9). The tests used to pass but now cause QEMU to crash with a signal 6 (Aborted), resulting in a core dump. + +Looking at the possible categories: + +- **Instruction**: This would involve issues with specific instructions causing problems. There's no mention here of any particular instruction failing or being miscompiled. + +- **Syscall**: If the issue was related to system calls, I might expect more details about which syscalls are problematic. The report doesn't specify any syscall errors. + +- **Runtime**: This category covers general runtime issues that aren't tied to specific instructions or syscalls. The crash occurs during test execution, and it's a recent regression in QEMU, affecting multiple tests. Since the problem happens at runtime without pointing to a specific instruction or syscall, this seems like a runtime error. + +So, I think the bug falls under **runtime** errors. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1835693 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1835693 new file mode 100644 index 000000000..67374c486 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1835693 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out why my "Hello World" program is causing a segmentation fault when run on QEMU s390x under Debian. Let's break it down step by step. + +First, I wrote a simple C++ program that just prints "Hello World!". The code seems straightforward, using iostream and the standard output. Compiled with g++, so nothing too fancy there. But when I try to run it in QEMU, it crashes with a segmentation fault. Hmm, that's odd because the same program should work fine on an x86_64 system. + +I remember that s390x is the architecture for IBM mainframes and some high-end servers. Maybe there are some differences in how programs behave or how certain instructions are handled compared to x86_64. So perhaps the issue lies in how QEMU emulates the s390x environment. + +Wait, when I run it with qemu-s390x-static, it's a static version of QEMU. Maybe there's something wrong with the emulation itself or how it interacts with the binary. Segmentation faults usually happen due to invalid memory accesses, but since this is a simple program without any manual memory management, that seems unlikely. + +Another angle: could it be related to system calls? Since s390x has different system call numbers and conventions compared to x86_64, perhaps the g++ compiler isn't generating the right syscalls for QEMU's emulation. Or maybe the C++ runtime libraries aren't properly set up in the emulated environment. + +Looking into possible categories: instruction, syscall, or runtime issues. If it were an instruction issue, the problem would be with a specific CPU instruction not being handled correctly. But since the program is straightforward, that seems less likely unless there's something compiler-specific I'm missing. + +If it's a system call error, then maybe QEMU isn't translating the syscalls correctly for s390x, causing them to fail and trigger a segfault. Alternatively, if the C++ runtime (like std::cout) relies on certain syscalls that aren't being handled properly in the emulator, that could cause a crash. + +Since the problem occurs at runtime when executing the program, it's more likely a runtime issue rather than something wrong with individual instructions or syscalls themselves. The segmentation fault suggests an unexpected condition during execution, possibly due to how QEMU is handling the binary's execution on s390x architecture. + +Putting it all together, I think the bug falls under the "runtime" category because it's an error that happens when the program is running in the emulated environment, not necessarily due to a specific instruction or syscall failure but something broader in how QEMU handles the program. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1835839 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1835839 new file mode 100644 index 000000000..213811dab --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1835839 @@ -0,0 +1,23 @@ +<think> +Okay, I need to figure out how to classify this bug report regarding QEMU-user. The issue is that when running a command under QEMU-user emulation on Debian/m68k, the shell variable $0 always reports an absolute path instead of a relative one as expected. + +So first, let me understand what's happening here. In a normal system without QEMU, when you run `sh -c 'echo $0'`, it outputs 'sh' because $0 is the name of the script or command being executed. But under QEMU-user, the same command outputs '/bin/sh', which is an absolute path. + +This seems like an issue with how QEMU sets up environment variables or how it's emulating the system calls related to process execution. The shell is getting a different value for $0 than expected because QEMU might be providing the full path instead of just the basename. + +Now, considering the categories provided: instruction, syscall, runtime. I need to determine which one this bug falls into. + +- Instruction issues would involve problems with specific CPU instructions not being handled correctly. +- Syscall errors are about system calls returning incorrect results or behaving unexpectedly. +- Runtime errors encompass other runtime issues that don't fall into the first two categories. + +In this case, the problem is related to how environment variables are set when a process starts. The value of $0 comes from the process's argument list, which is part of the startup process managed by the kernel. Since QEMU is emulating the system calls and process execution, it might be mishandling how $0 is initialized. + +This issue likely isn't about an incorrect instruction or a direct syscall error but rather how the environment is set up during process initialization under emulation. Therefore, it's more of a runtime problem because it affects how processes behave at runtime within the emulated environment. + +So, I think the correct classification here would be 'runtime'. +</think> + +The bug relates to the setup of the shell variable $0 during process execution under QEMU-user, which is a runtime issue affecting environment variables in the emulated system. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1836078 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1836078 new file mode 100644 index 000000000..c112f41c6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1836078 @@ -0,0 +1,17 @@ +<think> +Alright, I need to classify this bug report for QEMU into one of three categories: instruction, syscall, or runtime. Let's break down the information provided. + +The user is reporting regressions when running GCC tests on the arm-linux-gnueabihf target using a recent version of QEMU (master branch). They mention that all tests used to pass but now cause QEMU to crash after applying a specific fix. The tests involve binaries, shared libraries, and a script. + +The possible categories are: + +1. **Instruction**: This would be if the issue is related to how certain CPU instructions are handled. +2. **Syscall**: If the problem involves system calls not working as expected. +3. **Runtime**: Any other runtime issues that don't fall into the above two categories. + +Given the context, the user isn't pointing out a specific instruction or syscall failure but rather general crashes when running tests. This suggests it's a broader runtime issue affecting how QEMU handles these test cases after the fix. Therefore, the category is likely **runtime**. +</think> + +The bug report involves general runtime issues causing QEMU to crash during GCC tests, not specifically tied to instructions or syscalls. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1836192 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1836192 new file mode 100644 index 000000000..1488d7472 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1836192 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU. The user has provided some information about regressions they noticed when running GCC tests on an arm926 target using a specific configuration. Let me break down what's given and figure out which category it fits into. + +First, the context: They're using QEMU master after a particular commit. They applied a fix for bug 1834496 but still saw regressions when running GCC tests. The GCC is configured to generate arm10tdmi code with VFP support, and they're testing against the --cpu arm926 option in QEMU. + +The issue arises during runtime because they're executing the test binaries on QEMU and observing failures. The problem isn't in a specific instruction that's incorrect but rather in how the CPU is handling the generated code from GCC. + +Looking at the possible categories: + +- **instruction**: This would apply if there was a specific instruction causing issues, like an assembly-level bug. But here, it's more about overall execution behavior. + +- **syscall**: If the problem were related to system calls not being handled correctly, this category would fit. However, the user didn't mention any syscall errors. + +- **runtime**: This seems appropriate because the regressions are happening when running the tests on QEMU, implying issues during execution rather than compile-time or instruction-level problems. + +So, putting it all together, the bug is related to runtime behavior when executing GCC-generated code on arm926 with VFP. The issue isn't a specific syscall failure but how the CPU is processing the instructions at runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1836558 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1836558 new file mode 100644 index 000000000..21cbd0483 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1836558 @@ -0,0 +1,21 @@ +<think> +Okay, so I have this problem where when I run my C++ program that uses std::thread on Qemu-ppc, it's causing memory leaks. But when I run the same binary on real PowerPC hardware or on Intel, there are no issues. Hmm, that's interesting. + +The user provided a sample code snippet. The function Fun100 creates 100 threads and joins them one by one. Each thread sleeps for 10ms. After creating all the threads and joining them, it waits another 500ms to let the OS clean up. They noticed that when running this in Qemu-ppc, the memory usage keeps increasing each time Fun100 is called again. + +So, the problem is specific to Qemu's PowerPC emulation. It doesn't happen on real hardware or other architectures. The compiler used was powerpc-linux-gnu-g++ 8.3.0, but they mentioned older versions also have this issue. The OS is Debian 10, and Qemu version is 3.1.50. + +I need to classify the bug into one of three categories: instruction, syscall, or runtime. Let's think about each possibility. + +If it were an instruction-level problem, there would be a specific assembly instruction that's causing incorrect behavior. But since it works on real hardware and only fails in Qemu, it's more likely something related to how the emulator handles certain operations rather than a CPU instruction issue. + +Syscall issues could involve system calls not being handled correctly by Qemu. For example, if creating threads or managing memory requires specific syscalls that Qemu isn't emulating properly, that could lead to resource leaks. However, since it's a thread creation and joining problem, which involves several syscalls (like clone, futex for pthread_join), maybe something in the syscall emulation is causing the memory not to be released properly. + +Runtime errors are more general and include issues like incorrect handling of resources during execution. Since each call to Fun100() increases the memory usage without bound, it suggests that some resource isn't being cleaned up after the threads finish. This could relate to how Qemu manages thread or memory resources internally when emulating PowerPC. + +Given that the issue is only in Qemu and not on real hardware, it's likely a problem with how Qemu handles certain runtime operations, particularly those related to threading and memory management. It might be an issue with how Qemu allocates or frees memory for threads, possibly leading to leaks because some structures aren't properly deallocated when the threads exit. + +So putting this together, the bug is probably in Qemu's handling of thread creation and resource management during runtime, specifically in the PowerPC emulation. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1840922 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1840922 new file mode 100644 index 000000000..fb556d5c5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1840922 @@ -0,0 +1,19 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report. The user encountered an issue when running a test case with QEMU using the cortex-m33 CPU. The error message says there's an unhandled CPU exception 0x8, which caused QEMU to abort. + +First, let me understand what each category means: + +1. **Instruction**: This would be if there's a problem with how instructions are being handled or executed by the emulator. +2. **Syscall**: If the issue is related to system calls, like if something goes wrong when interacting with the operating system through syscalls. +3. **Runtime**: Any other runtime issues that don't fall into the above categories. + +Looking at the details provided: The test case works at -O2 but crashes at -Os. It involves nested functions creating a trampoline on the stack, which might cause alignment or access issues. Since it's bare-metal (no OS), syscalls aren't involved here. The problem seems to be related to how instructions are being executed or handled in the emulator. + +The crash happens during CPU execution with an exception 0x8, which is a data abort. This could mean that QEMU isn't handling certain memory accesses correctly when running at -Os optimization, perhaps due to different code paths generated by the compiler. + +So, this doesn't seem like a syscall issue. It's more about how the CPU instructions are being emulated or how memory is being accessed during runtime. Therefore, it falls under **runtime** errors. +</think> + +The bug report describes an issue where QEMU encounters an unhandled CPU exception while running a bare-metal program on a cortex-m33 target. The problem arises when compiling with `-Os` but not `-O2`, and involves nested functions creating a trampoline on the stack, which could lead to memory access issues. Since this is related to how the instructions execute during runtime without involving system calls or specific instruction faults, it's classified under "runtime." + +**Answer:** runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1854 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1854 new file mode 100644 index 000000000..12e5cb882 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1854 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me read through the problem description again. + +The user is reporting that when they run the nolibc-test program under qemu-s390x, it crashes with an error message from elfload.c at line 2239. The error says "code should not be reached," which suggests that some unexpected condition was met during execution. + +Looking into the steps, the issue started after a specific commit (5f4e5b34...), and reverting it fixed the problem. That indicates something changed in the codebase that introduced this bug. + +The error is occurring in elfload.c within the zero_bss function. BSS stands for Block Started by Symbol, which refers to uninitialized data segments in an executable. The zero_bss function likely initializes these sections with zeros. If it's hitting a point where "code should not be reached," maybe there's a miscalculation or incorrect assumption about memory regions. + +Now, categorizing this: instruction issues relate to faulty CPU instructions, syscall relates to system calls going wrong, and runtime covers other execution-time errors. Since the problem is during program execution in QEMU's user mode (qemu-user), specifically related to loading an ELF file and handling its BSS section, it doesn't seem like a faulty instruction or a syscall issue. Instead, it's more about how the program is being loaded and initialized at runtime. + +Therefore, this bug falls under the runtime category because it's an error that happens during the execution of the program within QEMU. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1857 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1857 new file mode 100644 index 000000000..8c992bce8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1857 @@ -0,0 +1,17 @@ +<think> +Alright, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's break down the problem described here. + +The user reports a significant performance slowdown between QEMU versions 8.0.0 and 8.1.0 when running on an AArch64 machine. Specifically, they mention that after applying commit 59b6b42cd3, which enables FEAT_LSE2 for the max CPU, their execution time increased dramatically from 0.8s to 6.8s. They've also noted that reverting this commit or specifying a different CPU (-cpu cortex-a35) mitigates the issue. + +Looking at the possible categories: + +1. **Instruction**: This would relate to an issue with how specific instructions are handled, perhaps incorrect handling leading to errors. However, here the problem is performance, not instruction correctness. + +2. **Syscall**: This category involves issues with system calls. The report doesn't mention any syscalls failing or behaving incorrectly; it's about execution time. + +3. **Runtime**: This encompasses runtime errors or performance issues that occur during normal operation. Since the slowdown happens at runtime and affects performance, this seems to fit. + +The issue arises from enabling a new CPU feature (FEAT_LSE2), which affects how QEMU emulates instructions. The problem isn't a crash or incorrect behavior but rather a significant increase in execution time, indicating a runtime performance issue related to how these features are handled during emulation. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1858415 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1858415 new file mode 100644 index 000000000..191fe6b24 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1858415 @@ -0,0 +1,20 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report for QEMU. The function in question is tcp_emu, and there's an OOB (out of bounds) issue mentioned. Let me break down what's happening here. + +Looking at the code snippet provided: + +- There's a while loop that iterates over `bptr` starting from `m->m_data` to `m->m_len`. +- Inside case 6, it accesses `((uint8_t *)bptr)[0]` and `((uint8_t *)bptr)[1]`. Then, it increments `bptr` by one with `bptr++` and writes another value at the new position. + +The problem seems to be that when `bptr` is near the end of the buffer, accessing `[1]` might go beyond the allocated memory. Also, incrementing `bptr` could make it exceed the buffer's length, leading to an out-of-bounds write or read. + +Now, considering the categories: + +- **Instruction**: This would be about a specific faulty instruction in the code. The bug here is more about incorrect pointer handling rather than a single instruction. +- **Syscall**: It doesn't seem related to system calls; it's about memory access within QEMU itself. +- **Runtime**: This category covers errors that occur during runtime, such as buffer overflows or out-of-bounds accesses. + +The issue arises during the execution of the code when `bptr` is manipulated incorrectly, leading to an OOB condition. So, this falls under a runtime error because it's happening while the program is running and accessing memory improperly. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1860056 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1860056 new file mode 100644 index 000000000..646442862 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1860056 @@ -0,0 +1,19 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report where a Hello World program segfaults when run under QEMU for big-endian 32-bit MIPS on a Debian host. The user has provided that other MIPS architectures (64-bit and little-endian 32-bit) work fine, so the issue is specific to big-endian. + +First, I'll consider possible causes of a segmentation fault in this context. Segfaults usually happen when the program tries to access memory it shouldn't, like dereferencing a null pointer or accessing an invalid address. But since this is a simple Hello World program using iostream, maybe it's more about how the standard library is handled. + +The toolchain used is mips-linux-gnu-g++, which compiles for MIPS Linux targets. The problem occurs when running under QEMU, suggesting that perhaps the emulator isn't handling something correctly with big-endian 32-bit MIPS. + +Looking at possible categories: instruction, syscall, runtime. + +- **Instruction**: This would be if there's a specific instruction in the code causing issues, but the code is simple and works on other architectures. + +- **Syscall**: If there was an issue with system calls, maybe related to how QEMU emulates them for big-endian MIPS. + +- **Runtime**: This category includes other runtime errors that aren't specifically instructions or syscalls. Since the problem is in the emulator's handling of a specific architecture during execution, it might fall here. + +I think the issue isn't with the code itself (as it works elsewhere) but how QEMU emulates big-endian MIPS for this case. Maybe something to do with how the standard library interacts with the system calls or memory management under QEMU for that target. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1860610 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1860610 new file mode 100644 index 000000000..58c28489f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1860610 @@ -0,0 +1,11 @@ +<think> +Okay, so I need to figure out how to classify this bug report about QEMU leaking memory due to cap_disas_plugin not freeing instructions properly. The user provided that when using QEMU under Valgrind, they noticed a memory leak in the cap_disas_plugin function because it's not calling cs_free(insn, count) before cs_close. + +First, I should understand what each category means. The possible categories are instruction, syscall, and runtime. Instruction seems to relate to issues with specific CPU instructions or their handling. Syscall would involve system calls that aren't working correctly. Runtime is for other errors that occur during the program's execution. + +In this case, the issue isn't about a faulty CPU instruction being handled incorrectly. It's more about memory management—specifically, not freeing memory before closing a resource. This sounds like an error in how resources are managed at runtime rather than an issue with system calls or specific instructions. + +So, since the problem is about a function not properly freeing memory during execution, it falls under runtime errors. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1861605 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1861605 new file mode 100644 index 000000000..9e05c6de3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1861605 @@ -0,0 +1,13 @@ +<think> +Alright, let's try to figure out how to classify this bug report. The user provided some technical details about an issue in QEMU related to MIPS after a specific commit. They mentioned that the llval value was loaded as unsigned instead of sign-extended, causing a CMPXCHG failure in gen_st_cond(). + +The user also noted that they fixed it by modifying how the cmpxchg line works, either by adjusting the load or changing the compare operation to non-sign-extended. They can't send the patch themselves and are asking someone else to apply their fix or consider an alternative solution. + +Looking at the possible categories: instruction, syscall, runtime. + +I think this isn't about a specific instruction being faulty because it's more about how data is handled during a compare operation. It also doesn't seem related to syscalls since there's no mention of system calls failing. Instead, the issue occurs during runtime when performing atomic operations (like cmpxchg), which are part of the execution flow. + +So, this bug seems to be a runtime error because it affects how the program behaves while executing, specifically in handling atomic comparisons and exchanges with incorrect sign extension. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1862167 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1862167 new file mode 100644 index 000000000..042e4ec2f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1862167 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm looking at this bug report about QEMU's handling of SVE register sizes. The user mentioned that their CPU uses a 512-bit SVE register, but when they run their assembler program under qemu-user-aarch64, it tries to use 2048-bit instructions and causes a segmentation fault. They’re asking if there should be an option in QEMU to set the SVE size. + +First, I need to figure out what category this bug falls into. The categories are instruction, syscall, or runtime. + +The user is talking about how QEMU handles SVE instructions. Since SVE stands for Scalable Vector Extensions, it's related to vector operations in ARMv8-A. The issue arises because the CPU they're targeting has a different SVE register size than what QEMU defaults to. + +So, when their program uses 512-bit SVE instructions, QEMU is interpreting them as 2048-bit, which leads to an error during execution. That suggests it's not about a faulty instruction per se but how the environment (QEMU) is handling the vector length setup. + +I think this is more of a runtime issue because it's happening when the program runs and interacts with QEMU’s emulation. It's not that there's a wrong instruction being generated; it's that QEMU isn't respecting the correct SVE configuration for the target CPU, causing incorrect behavior at runtime. + +The user wants an option to specify the SVE size, which would likely be a runtime setting in QEMU. Without this, when they run their program, the mismatch causes the crash. So the problem occurs during execution because of how QEMU sets up or handles the vector registers. + +Therefore, this seems like a runtime error rather than an instruction fault or a syscall issue. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1862986 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1862986 new file mode 100644 index 000000000..a7feb2327 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1862986 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to help classify this bug where qemu-s390x segfaults on an Odroid running Ubuntu. The user mentioned that both versions 2.11 and 4.2 crash when run on their machine, but qemu-arm works fine. + +First, looking at the backtraces from GDB. In the first case with the self-compiled version, it points to __bss_start__, which is part of memory initialization. But in the second case using Ubuntu's version, it points to code_gen_buffer and then through cpu_exec and main. That suggests that the crash is happening during CPU execution when generating code. + +Since qemu-s390x is trying to emulate a s390x architecture on an aarch64 machine, perhaps there are issues with how the emulator handles the target's instructions or memory. The fact that it's crashing in code generation buffers makes me think it's related to how the CPU loops and generates code during execution. + +The error isn't a syscall issue because it's happening within QEMU's own code, not when interacting with system calls. It also doesn't seem like a faulty instruction being executed by the guest because qemu-arm works, so it's more about how s390x is handled in the emulator itself. + +Putting this together, I think the problem falls under runtime errors since it occurs during normal execution of QEMU, specifically when generating or executing the emulated CPU code. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1863445 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1863445 new file mode 100644 index 000000000..11412d072 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1863445 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. The user provided an assertion failure from QEMU when using radare2 on a MIPS binary. The error message is about page_check_range failing because the start address isn't within expected limits. + +Hmm, looking at the details, it's not about a specific instruction being faulty. It also doesn't mention any syscalls going wrong. Instead, it seems like an issue during runtime when QEMU tried to translate code and encountered an invalid memory address. So this is more of a runtime error because it happens while executing or translating instructions in the virtual machine context. + +So I think the category here would be 'runtime'. +</think> + +The bug report describes a failure during runtime when QEMU attempts to check a range that's out of bounds, causing an assertion failure. This isn't about an instruction or syscall but occurs while running code. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1869782 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1869782 new file mode 100644 index 000000000..4860351e1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1869782 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out what's going on here. The user is having an issue where qemu-arm-static crashes with a segmentation fault when they run "svn checkout". They mentioned that it happens every time on Travis CI but not on their local VM or with an armv7h chroot. They tried updating QEMU to version 4.2 thinking that might fix the problem, but it didn't help. + +First, I need to understand what qemu-arm-static is used for here. It's likely being used to cross-compile software from x86_64 (the host) to ARM architecture. So when they run "svn checkout" inside this emulated environment, something goes wrong, causing a segfault. + +Segmentation faults usually happen when there's an invalid memory access—like trying to read or write memory that the program isn't allowed to touch. This could be due to a bug in QEMU itself or maybe how it's handling certain system calls or instructions from the guest OS. + +The user also mentioned they don't get this error with an armv7h chroot, which suggests that the issue is specific to the qemu-arm-static setup. That makes me think it might be related to how QEMU emulates the ARM architecture in a static environment versus using a chroot. + +They're considering removing SVN from their build scripts as a workaround, but they want to know if cross-building with QEMU is still viable. It seems like they're doubting whether continuing with QEMU is a good idea because of this recurring issue. + +The user also asks if getting a core dump would help. Core dumps can provide detailed information about the state of the program when it crashed, which is invaluable for debugging. Without that, it's harder to pinpoint exactly where the problem occurs. + +Looking at the possible categories: instruction, syscall, runtime. The segmentation fault suggests something went wrong during execution—probably a runtime error. It might involve an incorrect system call or an issue with how the guest OS interacts with the host via QEMU. + +So, considering all this, I think the bug is related to how QEMU handles certain operations at runtime when cross-compiling, leading to a segfault when running "svn checkout". Therefore, it's likely classified under 'runtime'. +</think> + +The issue is classified as a runtime error in QEMU due to a segmentation fault occurring during the execution of "svn checkout". + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1870477 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1870477 new file mode 100644 index 000000000..9cb2b817f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1870477 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out what category this bug falls into. The user mentioned that when running their Go test on QEMU-ARM, it sometimes hangs. They provided details about their environment: Ubuntu 16.04.5 x86_64, QEMU-ARM version 4.2.0, and Go 1.14.1 compiled for Linux/ARM. + +The test code is a simple loop that prints "Hello world" 1000 times. They ran this command 500 times in the QEMU environment, and it hung around 200-300 times. They also attached a strace log but didn't include it here. + +So, what's happening? The test runs fine most of the time but occasionally hangs. That suggests there might be some non-deterministic issue, perhaps related to timing or resource usage. Since it's in QEMU, maybe something with how system calls are handled in the emulator could be causing the problem. + +Looking at the possible categories: instruction, syscall, runtime. + +- Instruction issues would mean that a specific CPU instruction is causing problems. But since this is happening across multiple runs and not on every execution, it might not be an instruction-level bug. +- Syscall errors could happen if QEMU isn't handling certain system calls correctly, leading to hangs. Go's runtime uses syscalls for things like I/O operations, which the test does a lot of with fmt.Printf. +- Runtime issues are more general and could involve memory management or other higher-level problems in QEMU. + +Considering that the hang is related to running a Go program, which is compiled to ARM instructions but executed within an emulator on x86_64, it's possible that there's a problem in how QEMU handles certain syscalls made by the Go runtime. For example, if the emulator isn't correctly implementing a system call that Go relies on, especially under load or repeated calls, it might lead to hangs. + +Alternatively, maybe the issue is with how QEMU schedules or handles multiple processes/threads, but since this test doesn't involve concurrency beyond the loop, that's less likely. + +So, I think the most probable category here would be 'runtime' because it's a more general issue within the emulator that might not be tied to a single instruction or syscall but rather how QEMU manages execution over time. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1878501 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1878501 new file mode 100644 index 000000000..9787ac937 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1878501 @@ -0,0 +1,18 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU under one of the given categories: instruction, syscall, or runtime. Let me read through the problem again carefully. + +The issue is that when running i386 Linux binaries using qemu-i386, there's a problem with the AT_SYSINFO auxval not being defined. This causes Android's Bionic libc to segfault because it expects this value and tries to use it as a function pointer. The code provided shows that __libc_sysinfo is retrieved via getauxval(AT_SYSINFO), but if it's not set, __libc_init_sysinfo doesn't handle it properly. + +The user mentioned that compiling a simple C program with the NDK and running it under QEMU results in a segmentation fault. The crash happens in __set_thread_area because it calls a null function pointer from __libc_sysinfo. + +So, looking at this, the problem arises during runtime when the binary tries to execute code that relies on AT_SYSINFO being present. Since QEMU isn't providing this auxval, the library crashes. This seems like an issue with how QEMU is handling system call or auxiliary value setup for i386 binaries. + +The categories are: +- instruction: Faulty instructions in the bug report. +- syscall: Errors related to syscalls. +- runtime: Other runtime errors not covered by the above. + +Since this isn't about a faulty instruction but rather missing setup data (auxval) leading to a crash during execution, it falls under a runtime error. The issue is that QEMU isn't properly initializing or providing necessary auxvals for certain syscalls, causing the libc to fail at runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1880225 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1880225 new file mode 100644 index 000000000..79a084fa6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1880225 @@ -0,0 +1,23 @@ +<think> +Okay, so I'm trying to figure out how to classify this QEMU bug based on the information provided. The user provided a detailed description of an issue where running a specific ARM program under QEMU master causes an assertion failure related to `have_guest_base`, whereas it works fine in QEMU v5.0.0. + +First, I need to understand what's going on here. The error message mentions that the assertion `have_guest_base` failed in the file `elfload.c`. Looking at the code snippet from `elfload.c`, line 2294 is where this assertion happens. This suggests there's a problem during the loading of the ELF binary, specifically with determining the guest base address. + +The program being run is a simple C program that generates random strings and converts them to uppercase. The fact that it runs correctly under QEMU v5.0.0 but fails in master indicates that something changed between these versions that's causing this issue. + +I should consider what changes could have been made in the QEMU master branch that affect how binaries are loaded or how guest addresses are handled. Maybe there was a change in the way the ELF loader initializes or checks for the guest base address. + +Looking at the possible categories: instruction, syscall, runtime. + +- **Instruction**: This would involve issues with specific CPU instructions not being handled correctly by QEMU. +- **Syscall**: Problems related to system calls during program execution. +- **Runtime**: Other runtime errors that don't fall into the above categories. + +In this case, the error is happening during the loading phase of the binary. The assertion failure in `elfload.c` suggests it's not an issue with executing instructions or making syscalls but rather with how the binary is being loaded and prepared for execution. Therefore, this seems like a runtime issue because it occurs when QEMU is trying to set up the environment before the program starts running. + +So, I would classify this bug under **runtime**. +</think> + +The bug report describes an assertion failure during the loading of an ARM program in QEMU master, which is related to determining the guest base address. This issue occurs at runtime while setting up the binary for execution, not due to faulty instructions or syscalls. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1880332 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1880332 new file mode 100644 index 000000000..1ec5455b4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1880332 @@ -0,0 +1,16 @@ +<think> +Okay, so I'm looking at this bug report regarding QEMU 5.0.0. The user mentions encountering a segmentation fault when using user emulation with cURL for aarch64, specifically when connecting to a server using TLS 1.2 and the ECDHE-ECDSA-CHACHA20-POLY1305 cipher. + +First, I need to understand what each category means. The options are instruction, syscall, or runtime. + +The term "segmentation fault" usually points to a problem in memory access—like accessing invalid memory addresses. This often happens during program execution, so it's more of a runtime issue rather than something related to instructions or system calls. + +Looking at the categories: +- Instruction: If there was a specific CPU instruction causing the issue. +- Syscall: If a system call was misbehaving or not handling something correctly. +- Runtime: Issues that occur during program execution, like memory management problems. + +Since the problem happens when running cURL with certain TLS settings under QEMU user emulation, it's likely related to how the emulator handles specific runtime conditions. The crash is happening during normal operation, which suggests a runtime error rather than an issue with individual instructions or system calls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1880722 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1880722 new file mode 100644 index 000000000..5fafe0103 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1880722 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report related to QEMU. The user provided some context about a problem in the use_goto_tb() function and mentioned that it's part of QEMU. They also included possible categories: instruction, syscall, or runtime. + +First, I need to understand what each category means. "Instruction" would relate to issues with specific CPU instructions causing problems. "Syscall" would involve errors when making system calls in the guest environment. "Runtime" is a broader category for other runtime errors that don't fall into the first two. + +Looking at the bug report, it talks about page crossings and invalidations in the mmap.c file under linux-user. The issue seems to be with how memory mappings are handled during use_goto_tb(), which is part of the translation block handling. It mentions performance improvements when fixed, which suggests it's an optimization or correctness issue in memory management. + +The problem isn't directly about a faulty instruction execution but rather about proper invalidation and page handling. This sounds more like a runtime issue because it affects how the program runs, specifically during memory operations. It doesn't seem to be a syscall error since it's about internal memory management within QEMU, not interacting with system calls. + +So, putting it all together, this bug report is about an issue that occurs at runtime related to memory handling and page crossings in the use_goto_tb() function. Therefore, the appropriate category would be "runtime." +</think> + +The issue pertains to runtime errors during memory management and translation block handling within QEMU, specifically addressing page crossings and invalidations. This falls under the broader category of runtime errors. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1883268 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1883268 new file mode 100644 index 000000000..eaab04b7a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1883268 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out what's wrong with this bug report and classify it correctly. Let me read through the details again. + +The user upgraded to QEMU 5.0 and started seeing random failures in the GCC testsuite, specifically in g++.dg/ext/sync-4.C. They attached some traces which show that when executing f13, it leads to a call to abort(). The function f13 uses __sync_bool_compare_and_swap on an address, which translates to __aarch64_cas8_acq_rel. + +Looking at the execution trace, it seems like main calls f13, which in turn calls this compare-and-swap function. After that, f13 returns and then abort is called. The user didn't see these issues on native hardware, so it's likely a problem with QEMU's emulation. + +Now, I need to classify the bug into one of three categories: instruction, syscall, or runtime. + +The issue seems to involve the execution flow and function calls leading to an unexpected abort. It doesn't mention any specific instructions being faulty, nor does it talk about syscalls failing. Instead, it looks like a problem that occurs during runtime when certain operations are performed, particularly involving atomic operations (compare-and-swap). This makes me think it's related to how QEMU handles these operations in the emulation environment. + +So, I'm leaning towards categorizing this as a runtime error because it's something that happens during the execution of the program within QEMU, not necessarily due to a specific instruction or syscall. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1883784 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1883784 new file mode 100644 index 000000000..c1bc40912 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1883784 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me break it down step by step. + +The user reports that their code runs correctly on actual PPC64LE hardware when compiled with GCC 10 but fails in QEMU environments (both version 4.2 and 5.0.0). The failure isn't due to an error like an illegal instruction; instead, the computed results are different, leading to a __builtin_abort because it doesn't match the expected value. + +First, I'll consider the "instruction" category. This would involve issues with how instructions are executed. Since there's no mention of illegal instructions or execution errors, this seems unlikely. The problem isn't about an instruction being faulty but rather about incorrect computation results. + +Next, the "syscall" category relates to system calls going wrong. The user didn't mention any syscall-related issues, so this doesn't fit either. They're not talking about problems with permissions or syscalls failing; it's more about the program logic. + +That leaves me with "runtime," which covers other runtime errors that aren't related to instructions or syscalls. Since the problem is about different results when running on QEMU versus hardware, it suggests something in the environment causing the issue during execution. It could be a difference in how floating-point operations are handled, memory management, or some other runtime behavior discrepancy. + +So, putting it all together: The bug isn't an instruction or syscall issue but rather a runtime problem where QEMU behaves differently than actual hardware. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1885350 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1885350 new file mode 100644 index 000000000..2d3ba8348 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1885350 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's break down what the user is saying. + +The issue is about RISC-V dynamic rounding mode not behaving correctly in QEMU. The user provided code from QEMU where they noticed that the rounding mode (rm) isn't updated if it's already set to 7 and the frm value changes. According to the RISC-V spec, when rm is 7, the dynamic rounding mode should use the current frm value. + +In their test case, after setting rm to 7 and changing the frm, the first execution works, but subsequent executions with different frm values don't update the rounding mode correctly. The code in QEMU checks if ctx->frm equals the new rm; if so, it doesn't update, which is incorrect when using dynamic modes because frm can change without rm changing. + +This seems like an issue related to how instructions are handled, specifically the way the floating-point rounding mode is set based on the instruction's rm field. The problem arises during runtime execution of these instructions, as the code doesn't correctly handle the dynamic update of rounding modes when rm is 7 and frm changes. + +So, this isn't about a faulty instruction itself or a syscall error. It's more about how QEMU handles the runtime behavior of floating-point operations based on changing registers. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1886097 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1886097 new file mode 100644 index 000000000..4e29a3f72 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1886097 @@ -0,0 +1,13 @@ +<think> +Alright, let's try to figure out how to classify this bug report. So, the user is talking about an issue when running a binary on QEMU user-mode versus real Linux hardware. The problem seems to be related to how the program break (brk) is set. + +In the bug description, they mention that in Linux, the brk is set after all loadable segments, regardless of their permissions. But in QEMU, it's only considering segments with write permissions when calculating the initial brk. This leads to a discrepancy because one of the LOAD segments overlaps with a TLS segment which doesn't have write permissions. + +The result is that when running on QEMU, the program crashes on the second brk call because the brk address is lower than expected. On real hardware, it works fine because Linux correctly sets the brk after all segments. + +So, this issue seems to be about how QEMU initializes the brk value during program execution. It's not a problem with an instruction or a syscall per se; instead, it's more about runtime behavior when handling elf binaries. + +Therefore, the category would likely be "runtime" since it's an error that occurs during the execution of the program due to incorrect setup by QEMU. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1887306 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1887306 new file mode 100644 index 000000000..d70897f3b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1887306 @@ -0,0 +1,23 @@ +<think> +Okay, I need to classify this bug into one of three categories: instruction, syscall, or runtime. Let me go through each step carefully. + +The problem occurs when running a specific program under QEMU user on Linux. The program creates multiple threads (100) and each thread forks 10 times, creating child processes which immediately exit. Each fork is followed by a waitpid to clean up the child. + +From the description, the program deadlocks in QEMU. When it happens, there's a child qemu process with two threads that a worker thread in the parent is waiting on. The user tried using a mutex but that didn't help. Adding a barrier to ensure all forks are done before any thread exits did prevent the deadlock. + +So, what's happening here? It seems like QEMU isn't handling the forking and threading correctly under these conditions. Forking in multithreaded environments can be tricky because each new process needs its own set of resources, including threads. + +The issue arises when a process is forked multiple times from different threads. In a real Linux environment, each fork creates a new process with copies of the parent's resources. However, QEMU user mode might have issues managing these forking operations, especially under high concurrency (100 threads each doing 10 forks). This could lead to deadlocks if QEMU isn't correctly handling the process creation and termination. + +Looking at the categories: + +- Instruction: This would relate to a specific CPU instruction causing an issue. There's nothing in the report suggesting an issue with individual instructions. +- Syscall: This relates to system calls not behaving as expected. The problem involves fork() and waitpid(), which are syscalls, but the issue is more about how QEMU handles these under certain conditions rather than a direct error in the syscall implementation. +- Runtime: This covers errors or issues that occur during runtime, such as deadlocks, race conditions, or resource management problems. + +The bug report describes a deadlock scenario that happens during execution. It's not a problem with individual instructions or syscalls per se, but how QEMU manages multiple forking operations in a multithreaded environment leading to a runtime deadlock. + +Therefore, the category is "runtime." +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1888303 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1888303 new file mode 100644 index 000000000..0c7e5390c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1888303 @@ -0,0 +1,23 @@ +<think> +Okay, so I'm looking at this bug report about QEMU having some issues when running on an aarch64 system. The user is trying to run a x86_64 binary using QEMU's user mode emulation. They've built QEMU 5.0.0 with specific configurations and are testing it with node_exporter from the PMM client. + +The main issue they're facing is that when they run the static version of QEMU, the program often segfaults within a few seconds, especially when Prometheus tries to poll for data. But occasionally, about once every ten times, it works fine without any issues. On the other hand, the dynamically linked version doesn't segfault but also doesn't work properly—Prometheus gets no data from it, though sometimes it does work. + +The user suspects this might be a memory alignment issue because they're dealing with different architectures (x86_64 on aarch64), and such issues can cause unexpected behavior like segfaults. They’re not entirely sure but think that's the direction to look into. + +Now, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me break down each category: + +1. **Instruction**: This would involve issues where a specific instruction is causing problems, maybe due to incorrect handling in the emulator. +2. **Syscall**: Problems related to system calls not being handled correctly by QEMU's user mode emulation. +3. **Runtime**: Other kinds of runtime errors that don't fall into the above two categories. + +The bug report mentions segfaults and issues with memory alignment. Segfaults are often related to how pointers or memory accesses are handled. Since they're using static vs dynamic linking, there might be differences in how memory is managed or aligned between the two builds. Memory alignment can cause runtime errors because if the emulator doesn't correctly handle x86_64 memory access patterns on an aarch64 system, it could lead to unexpected behavior. + +The fact that sometimes it works and sometimes not suggests it's not a straightforward instruction issue but something more variable, possibly related to how memory is accessed or managed at runtime. Also, since the dynamic version doesn't segfault but still has issues, it points towards problems in how QEMU is emulating certain operations rather than a specific instruction. + +Considering all this, the problem seems to be happening during runtime when handling memory accesses, which could involve system calls related to memory management or other underlying processes. However, since it's more about the emulator's handling of memory alignment and not necessarily a direct syscall issue, I think the most fitting category is **runtime**. +</think> + +The bug report involves issues occurring at runtime, specifically related to memory access and alignment when emulating x86_64 on an aarch64 system. The segfaults and inconsistent behavior suggest problems during execution rather than with specific instructions or syscalls. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1888728 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1888728 new file mode 100644 index 000000000..3b1b45aea --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1888728 @@ -0,0 +1,23 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's break down what each category means and then see where this issue fits. + +First, the user is reporting an issue when trying to run a bare chroot in QEMU's Linux-user mode. The error message they get is "pgb_reserved_va: Assertion `guest_base != 0' failed." This happens without any additional bind mounts, but it works if they bind-mount /proc from the host into the target chroot. + +The problem occurs when running the chroot command inside QEMU's static build for m68k. The error is an assertion failure in elfload.c at line 2315. Assertions usually indicate that some condition wasn't met, which suggests a programming logic issue rather than something like a hardware instruction fault or a syscall problem. + +Now, looking at the categories: + +- Instruction: This would involve issues with specific CPU instructions not being handled correctly by QEMU. For example, if an unsupported opcode caused a crash. + +- Syscall: This relates to system calls between the guest and host, such as handling of syscalls that aren't implemented or handled properly in QEMU. + +- Runtime: These are errors that occur during execution, which don't fall into the above two categories. They could include assertion failures, memory issues, etc. + +In this case, the error is an assertion failure within the elfload.c file, specifically checking if guest_base is non-zero. This suggests it's a runtime issue because it's about the program's internal state during execution. The problem isn't with a specific instruction or a syscall; rather, it's that some condition expected by QEMU wasn't met when running in chroot mode without /proc. + +Additionally, the workaround involves bind-mounting /proc, which is more related to how the environment is set up for the guest rather than any issue with instructions or syscalls. So this points towards a runtime error because it's about the state of the process during execution. + +Therefore, the category should be 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1889411 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1889411 new file mode 100644 index 000000000..a20e8a26f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1889411 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU and RISC-V. The user provided a detailed example where using GDB with QEMU isn't able to unwind the stack upon signals like SIGABRT, SIGSEGV, or SIGILL. When they trigger these signals in their test program, instead of getting a proper backtrace, GDB just shows an unresolved address. + +First, I'll read through the problem again. They have a C program with several levels of function calls leading to an abort(). When running under QEMU and attaching GDB, the initial breakpoint works fine and gives a clear backtrace. But when the signal is actually triggered (like SIGABRT), GDB can't unwind the stack and only shows ?? in the backtrace. + +The user mentions that this behavior doesn't happen on real hardware and speculates that QEMU's signal handling might be different from the Linux kernel. They also reference a GDB issue related to RISC-V, suggesting it's more of an environment-specific problem rather than a compiler or GDB bug per se. + +Looking at the categories provided: instruction, syscall, runtime. I need to determine which one fits best. The issue doesn't seem to be about a specific faulty instruction being executed; it's more about how signals are handled during runtime. It also doesn't directly involve a problem with system calls themselves but rather the signal handling mechanism. + +So, considering this, the bug is related to how QEMU handles signals at runtime when debugging with GDB. Therefore, it falls under the "runtime" category because it's an error that occurs during program execution, specifically in the way QEMU manages signals and stack unwinding. +</think> + +The issue arises during runtime due to improper signal handling by QEMU, preventing stack unwinding. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1890 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1890 new file mode 100644 index 000000000..d7cc77d7a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1890 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out this bug report about QEMU-arm 8.1.0 throwing an error when running a Cortex-M binary. The user provided steps to reproduce and some additional info. Let me break it down. + +First, they created a simple C program that prints "hello world". They compiled it using arm-none-eabi-gcc with the cortex-m55 target and included rdimon.specs. Then, when trying to run it with qemu-arm specifying the cortex-m55 CPU, they get an error: "Error mapping file: Operation not permitted." + +They mentioned that version 8.0.4 works fine but 8.1.0 has this issue. Also, their compiler is arm-none-eabi-gcc 10.3.1. + +Hmm, the error message says something about mapping a file. Mapping files in memory usually relates to how the system allows or restricts certain operations. Since it's QEMU, maybe there's a change in how the emulator handles file permissions or memory mappings between versions. + +I wonder if this is a runtime issue because it happens when running the program, not during compilation. It could be related to syscalls if QEMU isn't handling some system call properly. Alternatively, maybe an instruction-level issue if the Cortex-M55 has new instructions that QEMU isn't handling correctly in 8.1.0. + +But the error is about mapping a file, which doesn't sound like a specific instruction or syscall problem. It might be more general runtime behavior—perhaps QEMU changed how it loads or executes binaries, leading to this permission issue. + +So I think the category here would be 'runtime' because it's an error that occurs when running the program in QEMU, not during compilation or with a specific system call. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1892081 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1892081 new file mode 100644 index 000000000..aba97ab01 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1892081 @@ -0,0 +1,20 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report related to QEMU. The user provided a description about performance improvement when using "QEMU_FLATTEN" with softfloat type conversions, specifically in a matrix multiplication program for double data types. They mentioned that adding the "QEMU_FLATTEN" attribute reduces the instructions per call by 63%, and they've included before and after screenshots from KCachegrind. + +First, I need to understand what each category means: + +1. **Instruction**: This would be if there's a problem with an assembly instruction or something related to how the CPU executes commands. +2. **Syscall**: If the issue is related to system calls, like issues when interacting with the OS kernel. +3. **Runtime**: Errors that occur during the execution of the program, not necessarily tied to specific instructions or syscalls. + +In this case, the problem isn't about a faulty instruction in the generated code (so not "instruction"). It's also not related to system calls, as it's more about function flattening and performance within QEMU. The issue seems to be how the function is handled at runtime—specifically, optimizing the function calls by using an attribute that reduces the number of instructions per call. + +The user mentions performance improvements due to adding an attribute, which affects how the code is compiled or executed. This sounds like a runtime optimization because it's about how the program behaves while running, not during compilation or at the instruction level. + +So, putting it all together, this bug report falls under "runtime" because it involves optimizing function calls and their performance impact during execution. +</think> + +The classification of the given bug report is based on the nature of the issue. Since the problem revolves around function call optimization and its effect on runtime performance, it fits into the runtime category. + +**Answer:** +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1894029 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1894029 new file mode 100644 index 000000000..bbd52ec18 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1894029 @@ -0,0 +1,29 @@ +<think> +Okay, so I'm trying to figure out what's going on here. The user is using qemu-i386-static on a 64-bit machine and running into an issue where their malloc calls are returning pointers that seem off by 2 bytes each time they request memory. Let me break this down step by step. + +First, looking at the test program they provided, it's pretty straightforward. They're allocating four blocks of memory: two using `malloc(sizeof(uint32_t))` and two using `malloc(4)`. After that, they print out the pointers and check the size of uint32_t, which is 4 bytes as expected. + +The output shows the pointers increasing by 0x10 each time. Wait, no—looking at the numbers: pa is 0x400051a0, pb is 0x400051b0, pc is 0x400051c0, and pd is 0x400051d0. So each allocation increases by 0x10 (which is 16 in decimal), not 2 bytes as the user mentioned. Hmm, maybe I misread that part. + +Wait, no—the user said they applied for 4 bytes but the pointer increased by 2 bytes. That's confusing because from their output, each allocation increases by 16 bytes. Maybe there was a typo or misunderstanding in how they presented the issue. + +But assuming the actual problem is that the pointers are increasing by 2 bytes instead of 4 when allocating 4-byte blocks, what could cause this? Well, one possibility is related to memory alignment. On x86 systems, allocations are usually aligned to word boundaries (which for 32-bit would be 4 bytes). But since they're using a 64-bit host system running an i386 emulator, there might be some differences in how the memory is managed. + +Another angle is looking at how malloc works. Malloc doesn't necessarily return memory that's exactly the size requested due to internal overhead and alignment requirements. So even if you ask for 4 bytes, the actual block could be larger because of bookkeeping information added by the allocator. + +Wait a second—the user is using qemu-i386-static, which runs 32-bit code on a 64-bit host. Could there be an issue with how the emulator handles memory allocations? Maybe the malloc implementation in the emulated environment isn't properly handling pointer increments or there's some bug in the way it interacts with the host's memory management. + +Alternatively, perhaps the issue is related to how pointers are being printed. The printf format specifier %x expects a 32-bit integer, but if the pointers are 64-bit on the host, truncating them might cause unexpected behavior. However, since they're running in an i386 environment, pointers should be 32 bits, so that shouldn't be an issue. + +Another thought: could this be related to stack or heap corruption? If the program is freeing the memory correctly but still seeing issues, it's less likely. But if there was some overwriting of memory, it might cause miscalculations in pointer increments. + +But looking back at the problem statement, the user is asking why applying for 4 bytes results in a pointer increase by only 2 bytes. Wait, that doesn't align with their output where each allocation increases by 16 bytes. Perhaps they made a mistake in describing the issue. Or maybe the actual problem is different. + +Wait, perhaps I misread the output. Let's look again: pa is at 0x400051a0, pb at 0x400051b0—difference of 0x10 (16 bytes). Then pc at 0x400051c0 and pd at 0x400051d0. So each allocation is indeed 16 bytes apart, not 2 or 4. So maybe the user's actual issue is different from what they described. + +Alternatively, perhaps in their real scenario, the pointer increments are smaller than expected, but in this example, it's working correctly. Maybe I should focus on the fact that they're using a static emulator and whether there's something wrong with how malloc is implemented within qemu-i386-static. + +I think the key here is to classify the bug into one of the given categories: instruction, syscall, or runtime. The issue seems to be related to memory allocation behavior under the emulator, which is part of the runtime environment rather than a problem with system calls or specific instructions. So it's likely a runtime error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1895 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1895 new file mode 100644 index 000000000..ec920e8d3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1895 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report as part of QEMU. The user mentioned that when using qemu-user (specifically for riscv64), compiling a source file with g++ results in a segmentation fault, which doesn't happen on real hardware. + +Looking at the steps provided, they set up an Arch Linux riscv64 container using qemu-user and then try to compile a reduced test case. The error is a segmentation fault from g++, pointing to cc1plus crashing. They've already determined it's not a g++ bug since it doesn't reproduce on real hardware. + +The user also provided some context that qemu-user uses a fixed stack size and ignores RLIMIT_STACK requests, which can cause issues with programs that need more stack space than allocated. This makes me think the problem is related to memory management during program execution in the emulator. + +Now, considering the categories: instruction, syscall, runtime. + +- **Instruction** would be if there's a specific CPU instruction causing the issue. But here, it's about stack size, not an individual instruction. + +- **Syscall** relates to system calls failing. The problem isn't with a particular syscall but rather with how resources (stack) are managed. + +- **Runtime** covers errors that happen during program execution, such as memory issues. Since the segmentation fault is due to insufficient stack space, it's a runtime error specific to qemu-user's handling of stack limits. + +So, putting it all together, this seems like a runtime issue because it's about how the emulator manages resources during program execution. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1895080 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1895080 new file mode 100644 index 000000000..6d6f68bb3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1895080 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report as part of QEMU under one of the given categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The user is encountering an assertion failure in `pgb_reserved_va` within `elfload.c`. The error message shows that the address returned by mmap doesn't match what's expected. They also had to fix a compilation issue by adding an include for `<linux/falloc.h>` because of an undeclared constant. + +Looking at the function `pgb_RESERVED_va`, it's trying to reserve virtual address space using mmap with specific flags, expecting the address to be as specified. The assertion fails when `addr` doesn't equal `test`, which is the address returned by mmap. + +I think this is related to how memory is managed during runtime in QEMU, specifically when loading an ELF file. The failure occurs because mmap didn't return the expected address, causing an internal check to fail. This seems like a runtime error rather than something related to instructions or syscalls directly. + +So, I would categorize this as a runtime issue. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1895305 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1895305 new file mode 100644 index 000000000..bc697ed91 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1895305 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to classify this bug report about pthread_cancel failing when using musl libc with QEMU. Let me go through my understanding step by step. + +The user provided a minimal sample code that creates a thread which loops indefinitely and then tries to cancel it after a sleep. The issue occurs when the binary is built with musl libc and run on QEMU, resulting in an error message or signal. + +From the test results table, it looks like the problem specifically happens when both the QEMU build and the binary are using musl libc. In other cases (like glibc), everything works fine. + +The user mentioned that the output is "RT33" with exit code 161 in an Alpine Linux chroot, which uses musl. When using QEMU, it terminates with a real-time signal 2 and exit code 164. + +I know that pthread_cancel sends a cancellation request to a thread. If the target thread doesn't handle cancellations properly, this can cause issues. Also, in some environments, signals might be handled differently. + +Now, thinking about possible categories: instruction, syscall, or runtime error. The issue here seems to involve how QEMU handles certain system calls or threading functions when using musl libc. Since the problem arises during the execution of pthread_cancel, which is part of the runtime environment, it's more likely a runtime error rather than an incorrect instruction or a syscall issue. + +So, I think this falls under the "runtime" category because it's about how QEMU interacts with the threading functions at runtime when using musl libc. +</think> + +The bug report describes an issue where pthread_cancel causes a crash in a program built against musl libc when run on QEMU. The problem occurs during execution, specifically related to thread cancellation handling. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1895471 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1895471 new file mode 100644 index 000000000..5b050241e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1895471 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report related to QEMU. The user encountered a compilation error when using Clang to build QEMU with specific configurations. The error messages point to issues with C11 atomics in the file util/async.c. + +Looking at the errors, they mention that the address argument to atomic operations isn't a pointer to an _Atomic type. Specifically, the code is trying to use atomic_fetch_or and atomic_fetch_and on &bh->flags, which is of type unsigned int*. The compiler is expecting a pointer to an _Atomic type but got a regular unsigned int* instead. + +This issue arises during compilation, not during runtime or due to a faulty instruction or syscall. It's more about how the code uses C11 atomics incorrectly. The variables involved in atomic operations must be declared with the _Atomic qualifier to ensure proper handling by the compiler and hardware. Without this qualifier, Clang is flagging it as an error because it can't guarantee atomicity. + +So, the problem isn't with an instruction or a system call but rather with how the code uses atomic operations. Therefore, the appropriate category for this bug is 'runtime' since it's related to the handling of variables during execution that affects concurrency and memory operations. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1895703 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1895703 new file mode 100644 index 000000000..2ba42e329 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1895703 @@ -0,0 +1,13 @@ +<think> +Alright, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. The report discusses performance degradation in TCG targets after switching to Meson build system. It mentions specific test results showing increased instructions for alpha and m68k targets. + +First, considering "instruction": This usually refers to a problem with individual CPU instructions, like incorrect handling or generation. Here, the issue is about performance, not correctness of instructions, so this might not fit. + +Next, "syscall": This category deals with system calls going wrong. The report doesn't mention any issues with syscalls, but rather an increase in executed instructions leading to slower performance. So syscall seems unrelated. + +Lastly, "runtime": This category covers errors or issues that occur during the execution of the program. Since the problem is about TCG (Translation Code Generation) performance, which affects how code runs and translates at runtime, this fits best. The build system change might have introduced inefficiencies in how TCG generates machine code, causing more instructions to be executed. + +Therefore, the category should be "runtime". +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1904259 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1904259 new file mode 100644 index 000000000..b34c3efa2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1904259 @@ -0,0 +1,21 @@ +<think> +Okay, I'm trying to figure out what category this bug report falls into for QEMU. The user provided an error message from compiling QEMU on Ubuntu 16 i686 using Clang 11. The error is about misaligned atomic operations which could cause a performance penalty. + +Looking at the code snippets, it seems that the functions qatomic_set__nocheck and qatomic_read__nocheck are being used with pointers that might not be properly aligned. This is causing clang to throw an error due to the -Werror flag, which treats warnings as errors. + +The categories given are instruction, syscall, and runtime. I need to determine which one applies here. + +- **Instruction**: This would relate to assembly or specific CPU instructions. The issue here isn't about a faulty instruction but rather how atomic operations are handled in C code. + +- **Syscall**: This involves system calls. The problem doesn't seem to be related to any syscall errors but rather to memory alignment and atomic operations. + +- **Runtime**: These are errors that occur during execution, not compile-time. However, the issue here is a compilation error caused by warnings being treated as errors, which suggests it's more about code correctness or optimization than runtime behavior. + +Wait, actually, the misaligned atomic operation could cause performance issues at runtime because unaligned accesses can be slower or even cause exceptions on some architectures. But since the error occurs during compilation due to a warning being treated as an error, maybe it's not a runtime issue but rather a build-time issue. + +But looking back, the categories provided are instruction, syscall, and runtime. Since the problem is about atomic operations leading to potential performance penalties at runtime, even though it was caught during compilation, perhaps it still falls under runtime issues because it affects how the program will perform when run. + +Alternatively, maybe it's a build issue, but that category isn't listed. So among the options given, the closest fit would be runtime because it's about the behavior of the atomic operations at runtime causing performance penalties. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1906536 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1906536 new file mode 100644 index 000000000..95e1849a2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1906536 @@ -0,0 +1,13 @@ +<think> +Alright, let's try to figure out how to classify this bug report. The user is having an issue with QEMU where they can't set the SVE vector length (VL) above 512 bits after a certain commit. Before that commit, they could use the sve-max-vq option to set higher VLs like 1024 bits, which was useful for testing software compiled with fixed VLs. + +They provided steps to reproduce, compiling a small program and running it under QEMU with different VL settings. Prior to the commit, the output correctly reflects the VLs they set (1,2,4,8,16). After the commit, all outputs cap at 4, which corresponds to 512 bits. + +So, looking at the possible categories: instruction, syscall, runtime. + +The issue isn't about a faulty instruction being executed or an error in a system call. It's more about how QEMU is handling the configuration of SVE vector lengths during runtime. The problem arises when trying to set higher VLs, which affects the behavior of the simulated environment. + +Therefore, this seems like a runtime issue because it's related to how QEMU handles runtime configurations and settings for the processor's vector length. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1907817 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1907817 new file mode 100644 index 000000000..ccd991268 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1907817 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out how to classify this QEMU bug report. The user provided an assertion error they're encountering after updating to QEMU 5.2.0. The error is happening in qemu-aarch64 during some operation involving TCG (Tiny Code Generator). + +Looking at the details, the assertion failure is in `check_size_align` where `(maxsz & max_align) == 0` isn't satisfied. In their case, maxsz is 56. They traced this back to a specific commit which introduced changes in how `simd_desc` checks for alignment. + +The backtrace shows that the error occurs during some vector operations, specifically when handling FP (floating-point) or SIMD (Single Instruction Multiple Data) instructions. The function `clear_vec_high` and others related to FP register writes are involved, suggesting it's a runtime issue during instruction execution rather than something wrong with an input instruction itself. + +Since the problem arises during the execution of translated code, particularly when handling certain ARM A64 instructions, it doesn't seem like a faulty instruction is being described but rather an internal error in QEMU's handling of these operations. It also isn't related to syscalls but rather to runtime processing within the emulator. + +So considering the categories: instruction (faulty input), syscall (system call issue), or runtime (other runtime errors). This seems to fall under runtime because it's an error that occurs during normal operation, not due to a problem with the guest code instructions themselves. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1907969 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1907969 new file mode 100644 index 000000000..8860be9c8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1907969 @@ -0,0 +1,19 @@ +<think> +Alright, I'm trying to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let's break it down step by step. + +First, the problem occurs when running a specific C program under qemu-i386. The program segfaults when mixing threads and signals. Notably, this only happens if the program is statically linked to musl's libc and targets i386. If either the pthread calls or the second raise() are removed, the issue doesn't occur. + +The crash seems to happen in TCG-generated code during a %gs-relative access. That suggests something is going wrong with how memory is being accessed using the gs segment register, which is often used for thread-local storage (TLS). + +Looking at the program, it sets up a signal handler for SIGUSR1 and raises it once before creating a thread. After joining the thread, it raises the signal again, leading to the segfault. So the problem occurs after the thread has been created and joined. + +I know that when using threads with signals in Linux, there are some nuances. The first raise() works fine because it's done before any threads are started. However, after creating and joining a thread, something about the state might change that affects how signals are handled. + +The fact that the segfault happens during a %gs-relative access makes me think it's related to how TLS is being managed in the presence of threads. Maybe when the signal handler tries to write to stdout using write(), which involves some system call or accessing thread-local data, it's causing an issue because the gs base isn't correctly set up after the thread has been created and joined. + +Since the problem arises during execution runtime, specifically when the second raise() is called and the signal handler accesses memory via %gs, this seems like a runtime error. It's not necessarily a faulty instruction or a syscall error per se, but rather an issue in how the program is executing after certain operations have been performed. + +So putting it all together, the bug report describes an issue that happens at runtime when specific conditions (threads and signals) are met, leading to a segfault due to incorrect memory access. Therefore, the category should be 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1908 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1908 new file mode 100644 index 000000000..81cf03fcb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1908 @@ -0,0 +1,18 @@ +<think> +Alright, so I'm looking at this bug report where a test case for Cockatrice is causing a segfault in qemu-riscv64-static after a certain commit. The user has provided a backtrace and some code snippets from the generated code. + +First, the backtrace points to `code_gen_buffer` which suggests that it's related to the generated machine code by QEMU's TCG (Translation Coroutine Generator). The crash happens at `movzwl 0x0(%r13),%r13d`. This instruction is trying to load a word from an address stored in %r13 into %r13d, but it seems like this might be accessing invalid memory. + +Looking at the code around that instruction: + +- Before the crash, there's `mov $0xffffffffaf9bb4e0,%r13`, so %r13 is set to a large value. +- Then `movzwl 0x0(%r13),%r13d` tries to load from memory at %r13. + +But wait, in riscv64, user space addresses shouldn't be that high. The address 0xffffffffaf9bb4e0 is way beyond the typical userland range and might actually point to kernel space or unmapped memory. Accessing such an address would cause a segmentation fault because it's not valid for the process. + +The instruction causing the crash is part of the generated code by QEMU, which handles the emulation of RISC-V instructions on x86_64. It seems that during translation, QEMU isn't correctly checking whether the address being accessed is valid or not, leading to an invalid memory access. + +This kind of bug falls under a runtime error because it's happening while the program is executing and not necessarily at startup or due to a specific instruction decode issue. It's more about how the generated code interacts with memory during execution. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1908551 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1908551 new file mode 100644 index 000000000..3383ffe09 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1908551 @@ -0,0 +1,19 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me go through each part carefully. + +The user is reporting that when they run their test for strnlen using QEMU 5.2.0 with aarch64 SVE emulation, the test fails. However, it works fine when they specify `-cpu max,sve-max-vq=2`. They mention that the code shouldn't be vector length specific, so there's something wrong in how the emulator handles the vector instructions. + +Looking at the error messages, the function `__strnlen_aarch64_sve` is returning 64 when it should return values like 32 or 33. This suggests that the SVE (Scalable Vector Extension) functions are not handling certain cases correctly under QEMU's emulation. + +The possible categories are: + +1. **Instruction**: Faulty instruction description. +2. **Syscall**: Error with a system call. +3. **Runtime**: Other runtime errors. + +In this case, the issue isn't about a specific instruction being faulty or a problem with syscalls. Instead, it seems to be related to how QEMU emulates the SVE instructions during runtime, particularly when the vector length isn't set correctly. The test passes when the vector length is limited, indicating that the emulator's handling of variable vector lengths is causing the problem. + +Therefore, this bug falls under **runtime** errors because it's an issue with how the emulator processes the code at runtime, specifically with SVE instructions. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1909921 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1909921 new file mode 100644 index 000000000..0448732e8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1909921 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to figure out what category this bug report falls under. The user mentioned they're using QEMU inside a Docker container on a Raspberry Pi 4 with ESXi hypervisor. They're getting an error where QEMU is receiving a signal outside the vCPU context. + +First, looking at the error message: "handle_cpu_signal received signal outside vCPU context." This suggests that there's some kind of runtime issue within QEMU when handling signals, specifically not in the virtual CPU context. Signals are part of how processes communicate and handle events, like interruptions or errors. So this isn't about a specific instruction being wrong (instruction category) nor is it directly related to system calls (syscall). Instead, it's something that happens while the program is running. + +The user provided their QEMU version as 5.1.0 from Debian. The error seems to occur during execution when handling signals outside the expected context, which points towards a runtime problem. So, I think this falls under the 'runtime' category because it's an issue that occurs while the software is executing, not during instruction processing or system calls. +</think> + +The error is related to how QEMU handles signals at runtime, specifically outside the virtual CPU context, indicating a runtime issue. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1910 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1910 new file mode 100644 index 000000000..5cddcef5c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1910 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report. The problem is that certain applications crash in their signal handlers because the stack alignment isn't correct when using QEMU's x86_64 userspace. Specifically, there's a `movaps` instruction causing issues due to a misaligned stack address. + +Let me break down what I understand from the description. The user provided a backtrace where the crash happens in a signal handler. They mentioned that GDB shows the issue is with `movaps`, which requires 16-byte alignment. But the stack pointer (`$rsp`) when entering the signal handler isn't aligned properly. + +The x86_64 psABI says that `(%rsp - 8)` should be a multiple of 16 when control transfers to a function entry point. However, QEMU is setting `$rsp` to align to 16 bytes by ending with `0x..0`. The kernel code provided shows how the stack pointer is adjusted for signal frames. + +So, the issue arises because the alignment done in the kernel for the x86_64 userspace isn't correct when handling signals within QEMU. This misalignment causes the `movaps` instruction to fail, leading to a segmentation fault. + +Now, looking at the possible categories: instruction, syscall, runtime. The problem here is about how the stack is managed during signal handling in QEMU's execution environment. It doesn't seem to be a faulty instruction per se or a syscall issue. Instead, it's an error that occurs during runtime when the application tries to execute instructions after a signal is handled. + +Therefore, this bug falls under the 'runtime' category because it's related to how the program behaves at runtime due to improper stack alignment in signal handlers. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1913 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1913 new file mode 100644 index 000000000..3c2004fd9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1913 @@ -0,0 +1,25 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's see what each means and how it applies here. + +The user reported that after updating QEMU from version 8.1.0 to 8.1.1, running ldconfig in their sysroot causes qemu-aarch64-static to crash with a segmentation fault. Before the update, it worked fine. + +First, I should understand what each category entails. The instruction category is about issues caused by faulty instructions within QEMU, such as incorrect handling of CPU instructions. Syscall refers to problems when making system calls—maybe QEMU isn't handling them correctly in the emulator. Runtime errors are broader and include other runtime issues that don't fall into the first two categories. + +In this case, ldconfig is crashing under QEMU. It's a tool that runs on the target sysroot (Ubuntu 22.04 arm64). Since it worked before updating QEMU, it suggests something changed in how QEMU handles certain operations between versions 8.1.0 and 8.1.1. + +I need to think about what ldconfig does. It's a system utility that configures the dynamic linker runtime bindings. It reads shared library files from directories and updates the linker cache. This involves file operations, possibly accessing various libraries, which could involve syscalls or specific instruction handling. + +The fact that it crashes suggests an issue in how QEMU is emulating the environment for ldconfig. Since the problem started after updating QEMU, the bug is likely related to changes in QEMU's emulation code. + +Looking deeper, a segmentation fault (segfault) typically occurs when a program tries to access memory that hasn't been properly allocated or protected. In an emulator like QEMU, this could happen if there's an issue with how the process's memory space is being handled, perhaps during system calls or instruction execution. + +Considering possible causes: Maybe a specific syscall used by ldconfig isn't correctly implemented in QEMU 8.1.1. Or perhaps certain instructions executed by ldconfig are causing issues because of changes in the emulator's handling of those instructions. + +But since the crash happens when running ldconfig, which is an essential system utility that interacts with many parts of the filesystem and libraries, it's more likely a runtime issue rather than just an instruction or syscall problem. It could be related to how QEMU sets up the environment for the process, handles signals, manages memory mappings, or deals with shared libraries. + +Alternatively, if ldconfig relies on certain syscalls that were recently modified in QEMU and aren't handled correctly anymore, that would fall under the syscall category. However, without specific evidence pointing directly at a syscall issue, it's safer to categorize this as a runtime error because it involves broader execution issues beyond just instructions or individual syscalls. + +Therefore, considering the crash is happening during normal operation of ldconfig under QEMU after an update, and given that it worked before, the most appropriate category would be runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1914870 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1914870 new file mode 100644 index 000000000..d1842ff21 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1914870 @@ -0,0 +1,29 @@ +<think> +Okay, so I'm looking at this bug report about a compilation failure when trying to build QEMU on Debian unstable. The user provided a lot of details, including their system information and the specific error messages they encountered. + +First, I'll try to understand what's going wrong. The errors all seem to be coming from `/usr/include/string.h`, which is part of the C standard library. The compiler is complaining about missing binary operators before certain tokens, like `(` in some macros. There are also errors where `size_t` hasn't been declared and that `__BEGIN_DECLS` isn't a type. + +Hmm, why would this happen? Well, looking at the error messages more closely, they seem to be related to preprocessor directives in `string.h`. The compiler is interpreting parts of these macros incorrectly. For example, lines 36, 53, and others are using conditionals like `#if defined __cplusplus && (__GNUC_PREREQ (4, 4)`, but the compiler is treating them as syntax errors. + +Wait a minute, this might be an issue with how the preprocessor is handling these conditionals. The error about missing binary operators before "(" suggests that maybe the macros are not being expanded correctly, or perhaps there's an issue with the way they're written in `string.h`. + +Another angle: the user is compiling C++ code, but `string.h` is a C header. In C++, you should include `<cstring>` instead of `<string.h>`. Maybe that's causing some compatibility issues. Let me check the source file mentioned: `utils.cc`, which includes `utils.h` from libvixl, and that in turn includes `string.h`. + +So perhaps the problem is that when compiling as C++, including a C header like `string.h` can cause issues because of differences in how the preprocessor handles things. For instance, some macros might expand differently or not at all, leading to syntax errors. + +Let me think about possible solutions. The first step would be to change the include from `<string.h>` to `<cstring>`, which is the C++-friendly version. This might resolve the preprocessor issues because `<cstring>` is designed for use in C++ and handles things like namespace and function declarations appropriately. + +Alternatively, there could be a problem with the way the compiler is handling certain macros or conditionals. Maybe some feature of `string.h` isn't compatible with GCC 10.2.1 when compiling as C++. Checking if others have encountered similar issues might help. I recall that sometimes including `<string.h>` directly in C++ can cause unexpected behavior because it doesn't account for C++ features like namespaces. + +Another possibility is that there's a missing include or a define that affects how `string.h` is processed. For example, some headers require certain defines to be set before inclusion to work correctly in different contexts. Maybe adding something like `_GNU_SOURCE` could help, but I'm not sure if that would resolve these specific errors. + +Looking at the error messages again: the compiler doesn't recognize `size_t`, which is defined in `<stddef.h>`. So perhaps the issue is that when including `<string.h>` without including `<stddef.h>` first, the necessary types aren't declared. But in C++, including `<cstring>` should handle that by pulling in the correct headers. + +Wait, but if the code is written to include `<string.h>` directly, then it's not following standard practice for C++. So changing it to use `<cstring>` might fix both the missing `size_t` and the preprocessor errors. + +In summary, the problem seems to stem from including a C header (`<string.h>`) in a C++ source file. This can cause issues because of how the preprocessor handles macros and type declarations differently in C++. The solution would be to replace `<string.h>` with `<cstring>` in the `utils.h` file to ensure proper compatibility when compiling as C++. +</think> + +The issue arises from including a C header (`<string.h>`) in a C++ source file, leading to preprocessor and type declaration errors. Replacing it with the C++-friendly `<cstring>` resolves these problems. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1915531 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1915531 new file mode 100644 index 000000000..3a3f99c83 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1915531 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. The user provided a detailed description of the issue where qemu-user is hanging due to glib allocation problems during forking in multi-threaded environments. + +Looking at the problem, it's happening during the execution when multiple threads and forking are involved. The hang occurs because glib's memory management isn't fork-safe, leading to deadlocks on mutexes. This isn't an issue with a specific instruction or a syscall itself but rather how resources are managed during runtime, especially after forking. + +The workaround suggests using G_SLICE=always-malloc, which points towards issues in dynamic memory allocation and thread safety at runtime. The problem arises because the child process inherits some locked state from the parent, causing it to hang when accessing glib's structures. + +So this isn't an instruction-level bug or a syscall issue. It's more about how the application handles resources and concurrency during runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1915925 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1915925 new file mode 100644 index 000000000..44e4005dd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1915925 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU and ARM semihosting. The user provided some details that might help me understand what's going on. + +First, they mentioned that when using the HEAPINFO semihosting call in QEMU, there's an issue where data is written to the wrong address. According to the ARM documentation, the parameter register should point to a pointer of a four-field data block. But it looks like QEMU is treating this register as pointing directly to the data block instead. + +The user provided a link to their code example, which uses newlib in semihosting mode and calls HEAPINFO during the crt0 routine. When they run this in QEMU, the program crashes either due to an invalid write or memory corruption, depending on how the program is structured. + +They also referenced a discussion with the newlib community where this issue was brought up. From what I gather, the problem arises because of how QEMU handles the parameter for the semihosting call. It seems like it's not interpreting the pointer correctly. + +Now, looking at the possible categories: instruction, syscall, or runtime. The bug isn't about a faulty instruction itself but rather about how parameters are handled during a system call (HEAPINFO is a semihosting SVC call). However, the issue doesn't seem to be directly related to a system call per se but more about the runtime environment—specifically, memory management and how pointers are used. + +The problem occurs at runtime when QEMU processes the parameter incorrectly, leading to invalid writes or memory corruption. This suggests that it's a runtime error because it happens while the program is executing, not during compilation or instruction execution itself. + +So, putting this together, I think the category should be "runtime" since the issue arises from how the runtime environment (QEMU) handles the data structures passed to semihosting calls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1916344 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1916344 new file mode 100644 index 000000000..5fe7bf88c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1916344 @@ -0,0 +1,13 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report about QEMU on macOS. The user is having issues with networking when running a CentOS 8 VM using user mode networking. They installed podman and tried pulling an image, but it failed with an "unexpected EOF" error. + +First, the problem seems related to networking because they're using user mode (slirp) which handles network connections. On Linux, this doesn't happen, so it's specific to macOS. The error suggests that QEMU isn't forwarding all data from the host socket to the guest, causing the connection to close prematurely. + +Looking at the possible categories: instruction, syscall, runtime. Since the issue is about how QEMU handles network data during runtime, particularly with slirp, it doesn't seem like a faulty instruction or a syscall error. It's more of an operational problem that occurs while the VM is running. + +So, I think this falls under "runtime" because it's related to how QEMU manages the connection during operation. +</think> + +The issue occurs when QEMU, specifically its user mode networking component (slirp), improperly handles network data during runtime. This leads to premature closure of connections affecting podman operations inside the VM. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1917184 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1917184 new file mode 100644 index 000000000..fdf847353 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1917184 @@ -0,0 +1,9 @@ +<think> +Alright, I'm looking at this bug report related to QEMU. The user is encountering a segfault when using vm86() under certain conditions—specifically, when an interrupt occurs while cs:ip and ss:sp are on the same page. + +The problem happens in QEMU 5.2.0 on an x86-64 host. The issue arises because do_int tries to write to a non-writable page. So it's related to memory management during interrupt handling. + +Looking at the categories, 'runtime' seems appropriate here since this is an error that occurs while the program is running, not necessarily due to a faulty instruction or a syscall issue. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1918026 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1918026 new file mode 100644 index 000000000..52b7752dc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1918026 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU's RISCV64 simulation of 32-bit AMOs (Atomic Memory Operations). Let me break it down step by step. + +First, the user provided a test case with specific assembly instructions and expected outcomes. The tests involve using `amomaxu.w` and `amomax.w`, which are atomic operations that compare and swap integers. The issue is that after executing these AMO operations, the values in memory aren't what's expected. For example, when they run `test(&value, -11)`, the value ends up as -11 instead of staying at -7. + +Looking deeper, the user suggests that the problem lies in how QEMU handles these atomic operations. They mention that the function `trans_amo<op>_w` is incorrectly using `tcg_gen_atomic_fetch_<op>_tl` (which I assume stands for 64-bit operations) instead of `tcg_gen_atomic_fetch_<op>_i32` (for 32-bit). This makes sense because the AMOs in question are 32-bit, so using a 64-bit function would mishandle the data. + +Now, considering the categories provided: instruction, syscall, runtime. The issue here isn't with a system call or an instruction being incorrect per se; rather, it's about how QEMU is handling these specific atomic operations during execution. Since the problem arises when running code that uses these AMOs and affects memory values at runtime, it seems like a runtime error. + +So, putting it all together: The bug report deals with how QEMU simulates certain atomic operations, leading to incorrect results when executing the program. This simulation issue occurs while the code is running, making it a runtime problem. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1926044 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1926044 new file mode 100644 index 000000000..12f0913d5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1926044 @@ -0,0 +1,13 @@ +<think> +Alright, I need to classify this bug report under one of the given categories: instruction, syscall, or runtime. Let's break it down step by step. + +The user is reporting an issue where QEMU-user doesn't report HWCAP2_MTE. They provided a specific commit hash and host details. The test case with mte-3.c works correctly, printing "OK", but their custom test mytest.c fails, outputting 0 instead of the expected value. + +Looking at the code in mytest.c, it's checking for HWCAP2_MTE using getauxval(AT_HWCAP2). It seems that QEMU isn't setting this bit when it should. The problem occurs during runtime because the program is executing and making a system call (getauxval) which returns incorrect information. + +The issue arises when running under QEMU with --cpu max, suggesting it's not correctly emulating or reporting CPU capabilities. This affects how the program runs, specifically in detecting MTE support via HWCAP2. + +So, this isn't an instruction fault or a syscall error per se, but rather an incorrect runtime behavior where QEMU doesn't report the correct HWCAP2 flags. Therefore, it's classified under 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1926202 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1926202 new file mode 100644 index 000000000..da12ab827 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1926202 @@ -0,0 +1,15 @@ +<think> +Okay, I'm trying to classify this bug report related to qemu-user not running some PPC binaries correctly. The issue seems to occur when using a statically-linked binary from CentOS with QEMU version 6.0.0-rc5 built in static mode. The error message mentions an illegal instruction (signal 4), which suggests that the CPU is encountering an instruction it doesn't recognize or can't handle. + +First, I'll consider what each category entails: + +1. **Instruction**: This would involve a specific machine instruction causing issues. If QEMU isn't handling certain instructions correctly, this could lead to crashes. +2. **Syscall**: This relates to errors when making system calls. The problem might be in how QEMU translates or handles system calls from the guest OS. +3. **Runtime**: These are other runtime errors that don't fall into the above two categories, like memory management issues or timing problems. + +The error message points to an "illegal instruction," which suggests a problem with handling specific CPU instructions. However, since it's happening in QEMU's user mode emulation, it might not be a straightforward instruction issue but rather how QEMU translates syscalls or handles the binary execution environment. + +I'm leaning towards this being a **runtime** error because it's an unexpected crash during execution that isn't clearly tied to a specific instruction or syscall. It could involve issues like incorrect CPU features being enabled, misconfiguration in the emulation setup, or problems with how static binaries are handled in user mode. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1926246 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1926246 new file mode 100644 index 000000000..eac427199 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1926246 @@ -0,0 +1,13 @@ +<think> +Alright, let me try to figure out how to classify this bug report. So, the issue is about Chrome-based apps not running under QEMU user mode. The problem occurs when Chrome tries to fork a render process using `/proc/self/exe`. The provided code example shows that it fails with "qemu: unknown option 'type=renderer'". + +From what I understand, Chrome uses `/proc/self/exe` to determine the executable path for its child processes. However, in a QEMU user-mode environment, this might not work as expected because QEMU emulates the system calls and could be handling the `/proc` filesystem differently. + +The user suggests modifying the `exec` syscall to replace `/proc/self/exe` with the real path. They also provided a patch that changes how Chrome determines its executable path by resolving symbolic links using `ReadSymbolicLink`. This seems to address the problem by getting the actual file path instead of relying on the symbolic link. + +Looking at the possible categories: instruction, syscall, runtime. The issue here doesn't seem to be about faulty instructions or system calls directly failing. Instead, it's more about how Chrome is handling its process forking in a runtime environment that behaves differently (QEMU user mode). So, this falls under runtime issues because it's an error that occurs during the execution of the application when interacting with a specific environment. + +Therefore, I think the category is 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1927530 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1927530 new file mode 100644 index 000000000..734f73a6a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1927530 @@ -0,0 +1,21 @@ +<think> +Okay, I'm trying to classify this bug report related to qemu-aarch64 and HWAddressSanitizer. The user is experiencing issues where the simulator isn't reporting tag mismatches as expected but instead throws a SEGV error pointing to an unknown address in the zero page. + +First, looking at the output from the test case, it seems that when running bitfield-2.exe under qemu-aarch64, the program crashes with a segmentation fault. The error message indicates that HWAddressSanitizer detected a DEADLYSIGNAL (SEGV) and points to an unknown address 0x0000000000f0. This suggests that the program is trying to access memory it shouldn't be accessing, possibly due to a tag mismatch not being reported correctly. + +The user expects a "tag-mismatch" error but instead gets a segmentation fault. This implies that the issue might be related to how QEMU handles MTE (Memory Tagging Extension) instructions or how it interacts with HWAddressSanitizer's instrumentation. + +Considering the possible categories: + +1. **Instruction**: This relates to faulty CPU instructions. If QEMU misimplements an instruction, especially one related to MTE, it could cause incorrect behavior. However, the error here seems more about memory access rather than a specific instruction fault. + +2. **Syscall**: Errors during system calls. The stack trace doesn't show any syscalls being problematic; instead, it's within HWASan and the test code. + +3. **Runtime**: Other runtime errors not covered by instructions or syscalls. Since the issue is about improper handling of memory tags leading to an unexpected SEGV, this seems like a runtime problem specific to how QEMU manages memory tagging or interacts with the sanitizer. + +The fact that it's in the hwasan testsuite and involves MTE suggests that the problem lies in how QEMU handles these tagged addresses. Perhaps QEMU isn't correctly propagating tag information or misreporting when tags don't match, leading HWASan to not catch the issue and instead causing a crash. + +So, this seems like a runtime error because it's about incorrect handling of memory operations during execution rather than a problem with specific instructions or syscalls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1930 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1930 new file mode 100644 index 000000000..66d623495 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1930 @@ -0,0 +1,33 @@ +<think> +Okay, so I'm trying to figure out why the QEMU-aarch64 emulator is causing a segmentation fault when running this simple hello world program compiled for QNX. Let me walk through my thoughts step by step. + +First, the user has cross-compiled their code using the QNX SDP on Ubuntu Focal x86_64. They wrote a basic "Hello World" program and used the qcc compiler with the appropriate target architecture flags (-Vgcc_ntoaarch64le). That seems correct because they're targeting an AArch64 system. + +When they run the binary directly, it gives an error about not finding the linker (ldqnx-64.so.2). That makes sense because Ubuntu's system isn't set up to run QNX binaries natively. So, they try using QEMU-aarch64 to emulate the environment. + +But then QEMU throws a segmentation fault. Hmm. Segmentation faults usually happen when there's an invalid memory access or some issue with how the program is being executed in the emulated environment. + +Looking at their command: qemu-aarch64 -L /home/vsts/qnx710/target/qnx7/aarch64le ./hello-world. The '-L' option sets the emulator's root directory, which should point to where QNX's libraries and such are located. I'm assuming that path is correct because they have the target files from their QNX SDP installation. + +Now, why would this result in a segmentation fault? Maybe there's something wrong with how the binary expects to be loaded or how the environment is set up within QEMU. Perhaps the necessary libraries aren't being found correctly, leading to the program trying to access invalid memory when it can't find them. Or maybe there's an issue with how QEMU handles the AArch64 binaries for QNX specifically. + +Another thought: Could the way they're compiling the binary be causing issues? They used qcc with -Vgcc_ntoaarch64le, which should produce a binary that runs on an AArch64 LE system. But maybe there are some missing flags or dependencies when compiling for emulation versus a real QNX target. + +I also wonder if the version of QEMU they're using is compatible with the QNX SDP 7.1.0. They mentioned trying Ubuntu Jammy, which has qemu-aarch64 v6.2.0, but still get the same error. Maybe there's something specific about how QEMU emulates the environment that doesn't align with what the QNX binaries expect. + +Another angle: Could it be a problem with the binfmt registration? When they run the binary directly, they see an error about not finding ldqnx-64.so.2, which suggests that without QEMU, the system doesn't know how to handle these binaries. But when using QEMU, maybe there's still some configuration missing or incorrect. + +I should consider looking into whether the '-L' directory contains all the necessary files for the binary to run properly. Perhaps it's not set up correctly in the emulator, causing it to load libraries that don't exist or are mismatched. + +Also, checking if any debugging flags or verbose output from QEMU could provide more insight. Sometimes running QEMU with -d options can show where exactly it's failing, like missing symbols or incorrect mappings. + +Wait, maybe the segmentation fault is happening because the program expects certain system calls that QEMU isn't handling properly when in an emulated environment for QNX. Or perhaps the way the main function returns (without checking the printf return value) could cause issues, but that seems unlikely to result in a segfault. + +Alternatively, could it be an issue with stack alignment or memory management within the emulator? AArch64 has specific requirements for stack pointers and memory accesses, so if QEMU isn't correctly setting up these aspects when emulating, it might lead to crashes. + +I should also think about whether there's any documentation from QNX or QEMU regarding running binaries in such a setup. Maybe there are known issues or workarounds that the user hasn't applied yet. + +In summary, the segmentation fault likely stems from an issue with how the binary is being loaded or executed within the QEMU environment. It could be related to missing libraries, incorrect system call handling, or misconfigurations in the emulator setup specific to QNX binaries. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1936977 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1936977 new file mode 100644 index 000000000..575111f1f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1936977 @@ -0,0 +1,23 @@ +<think> +Alright, let's try to figure out how to classify this bug report about qemu-arm-static crashing with a segmentation fault when running "git clone". + +First, I need to understand what's happening here. The user is reporting that within a chroot environment using qemu-arm-static (which is used for emulating ARM on an x86 system), the command "git clone" causes a segmentation fault. They mentioned this was previously reported in bug #1869073, and it was supposed to be fixed in newer QEMU versions. However, they're on Ubuntu Focal, which doesn't have newer QEMU packages available even through backports. + +Now, the task is to classify this bug into one of three categories: instruction, syscall, or runtime. Let's break down each category: + +1. **Instruction**: This would involve issues with specific instructions causing problems. For example, if a certain assembly instruction was miscompiled or not handled correctly by QEMU. + +2. **Syscall**: Issues related to system calls going wrong. Maybe a syscall isn't being emulated properly, leading to the crash. + +3. **Runtime**: General runtime errors that don't fall into the above two categories, like memory management issues, incorrect state handling, etc. + +In this case, "git clone" is a high-level operation that likely interacts with various parts of the system, including file operations and network calls. A segmentation fault typically indicates a problem accessing invalid memory addresses, which could be due to a bug in how QEMU emulates certain instructions or handles syscalls. + +Looking at previous reports (#1869073), it was mentioned that newer versions fixed this, implying the issue might have been related to how specific instructions or syscalls were handled. Since Focal doesn't have newer packages, they're stuck with a version that hasn't addressed this particular bug. + +Considering "git clone" is a runtime operation within the emulated environment, and the crash occurs during its execution, it's likely a runtime error rather than an instruction or syscall issue specifically. The problem might stem from how QEMU handles certain operations during runtime in older versions. + +So, putting it all together, this seems like a runtime error because it's about how the emulator behaves while executing user code (git clone) and not directly tied to a specific instruction orsyscall mishandling. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1941 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1941 new file mode 100644 index 000000000..84b0345e6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1941 @@ -0,0 +1,13 @@ +<think> +Alright, I'm trying to classify this bug report about QEMU 8.0.4 related to VSX vector float to integer conversion instructions not handling NaN values correctly. Let me break it down. + +The user describes that certain VSX instructions like xvcvspsxws and others are producing unexpected results when the source vectors contain NaNs. Instead of converting non-NaN values properly, they're returning -9223372036854775808 or other incorrect integers where a valid conversion should occur. + +Looking at the provided outputs from QEMU 6.2.0 and 8.0.4, it's clear that in 8.0.4, when NaNs are present in the vector, subsequent non-NaN elements are being incorrectly converted to min int values or zeros instead of their correct integer representations. + +The problem occurs during runtime when these conversion instructions are executed. It doesn't seem to be a syscall issue because it's about how specific assembly instructions handle data, not system calls. It also isn't an instruction-level fault in the CPU itself but rather how QEMU emulates these instructions, especially in handling NaNs. + +Therefore, this bug is related to how the runtime environment (QEMU) processes these vector operations when NaN values are involved, leading to incorrect results. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1952 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1952 new file mode 100644 index 000000000..d82ab87fa --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1952 @@ -0,0 +1,11 @@ +<think> +Okay, so I need to figure out what category this bug falls into. The user provided a detailed report about a segfault when running an ELF binary compiled by Zig using QEMU. They showed that it works when run directly on the kernel but crashes in QEMU with SIGSEGV. + +From the description, the issue is related to how QEMU's ELF loader handles certain segments. Specifically, the problem arises because the loader assumes a particular relationship between virtual addresses and file offsets of PT_LOAD segments, which isn't always true. The user provided a diff that fixes this by adjusting how 'loaddr' is calculated. + +The classification options are instruction, syscall, or runtime. Since this issue happens during the execution of the binary within QEMU's emulator, it's more about runtime behavior rather than an incorrect instruction or a problem with system calls. The crash occurs because of an incorrect address calculation during loading, which affects how memory is mapped at runtime. + +So, I think this falls under 'runtime' errors. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/1953 b/results/classifier/deepseek-r1:32b/reasoning/runtime/1953 new file mode 100644 index 000000000..14a17cec5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/1953 @@ -0,0 +1,15 @@ +<think> +Okay, I need to figure out how to classify this segmentation fault issue when compiling an Elixir app on QEMU aarch64 under an x86_64 host. The user provided the error message and their GitHub Actions setup. + +First, looking at the error output, it mentions a Segmentation Fault occurring during the compilation of 'nimble_options'. That suggests that some code being executed is accessing memory it shouldn't, causing the crash. + +The user mentioned using Alpine 3.18 with OTP25 and JIT enabled. They suspect it's related to QEMU issue 1034, which I think refers to a problem with floating-point operations in the emulator. So maybe the JIT compiler is generating code that interacts poorly with QEMU. + +Now, classifying this bug: The options are instruction, syscall, or runtime. + +An instruction issue would be if there's an incorrect CPU instruction being used by the program. A syscall error would involve a problem with system calls. But here, it's more about the runtime environment—specifically how the emulator is handling certain operations during execution. + +Since the segfault happens while running Elixir code on QEMU, and considering the JIT aspect, this seems like a runtime issue in the emulator rather than an instruction or syscall error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2027 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2027 new file mode 100644 index 000000000..9467c4ad5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2027 @@ -0,0 +1,13 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me start by understanding what each category entails. + +- **Instruction**: This would involve issues related to specific CPU instructions causing problems. For example, if an instruction is not handled correctly by QEMU. +- **Syscall**: This relates to errors when handling system calls between the guest OS and the host OS in QEMU. +- **Runtime**: These are other runtime-related issues that don't fall into the above two categories. + +Looking at the provided bug report, it's a crash log from a Go program. The output shows a lot of goroutines with statuses like "GC worker (idle)" and mentions functions like `runtime.gopark`, which suggests this is related to the Go runtime handling garbage collection or scheduling. + +Since the error occurs within the Go runtime's own processes—specifically, issues with goroutines and garbage collection—it doesn't seem to be about a specific instruction or a syscall. Instead, it points to an issue in how the runtime is managing these processes, which falls under the "runtime" category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2035 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2035 new file mode 100644 index 000000000..34cbbf70a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2035 @@ -0,0 +1,39 @@ +<think> +Okay, so I'm trying to figure out why the plugin exit callback isn't executing when running my QEMU setup. Let me start by going through the steps and code provided to understand what's happening. + +First, the user configured QEMU with specific options: targeting riscv32 and riscv64 for Linux userspace, enabling plugins, and disabling system emulation. That makes sense because they're focusing on userland applications. Then, they compiled their plugin using gcc with various flags, including the `qemu-plugin.h` header. + +The test binary is a simple hello world program, compiled with an riscv64 toolchain. When running QEMU with the plugin and debug option for plugins, everything seems to start fine—the "Hello From Plugin!" message appears, indicating that the install function was called successfully. The TB translation callback also works because it's printing the instructions as they're being translated. + +The problem arises when trying to get the exit callback to trigger. They expect to see "Goodbye from plugin" but don't. However, if they run their test binary in an infinite loop and terminate it with Ctrl-C, the exit callback does work. So why isn't it working under normal circumstances? + +Looking at the code, the `qemu_plugin_install` function correctly registers both callbacks: `vcpu_tb_trans` for translation blocks and `plugin_exit` as an exit callback. The exit callback is registered using `qemu_plugin_register_atexit_cb`, which should call the function when the plugin is being unloaded. + +In a normal execution flow, when the test binary (hello world) finishes running, QEMU exits because there's nothing else to do. At this point, all plugins should be unloaded, triggering their exit callbacks. But in this case, it's not happening. However, when the test binary runs indefinitely, the user can kill it with Ctrl-C, which causes QEMU to terminate and unload the plugin, thus calling the exit callback. + +This suggests that under normal termination (when the guest program exits), the exit callback isn't being called as expected. But why? + +I recall that in some cases, plugins might not be properly cleaned up if QEMU exits without any issues. Maybe there's a specific condition under which the atexit callbacks are triggered. Perhaps when QEMU exits normally, it doesn't unload the plugins in the same way as when it's terminated abruptly. + +Looking deeper into how QEMU handles plugin unloading: When QEMU exits normally (like after the guest program finishes), it should go through its cleanup process, which includes calling the exit callbacks registered by plugins. But if that's not happening, maybe there's an issue with how the plugin is being unloaded or perhaps a timing problem. + +Another angle to consider is signal handling. When the user sends Ctrl-C (SIGINT), QEMU catches this and initiates a graceful shutdown, ensuring that all cleanup steps are taken, including calling plugin exit callbacks. In contrast, when the guest program exits on its own, maybe some part of QEMU's shutdown process isn't triggering the same cleanup for plugins. + +Alternatively, perhaps there's an issue with how the exit callback is registered. The user used `qemu_plugin_register_atexit_cb`, which should be correct. But maybe in certain configurations or versions of QEMU, this function doesn't work as intended when the guest exits normally. + +I also need to check if any other parts of the code might interfere. For example, are there any errors during plugin initialization that could prevent the exit callback from being registered? The user's logs show that registration was successful because they print "Everything was registered." So it's likely not an issue with the registration itself. + +Perhaps I should look into QEMU's documentation or source code to understand how plugin unloading works. Maybe there are specific conditions under which exit callbacks are skipped, such as if certain errors occur during execution or if the plugin isn't properly marked for cleanup. + +Another thought: maybe the test binary is exiting too quickly, and the callback doesn't have time to execute before QEMU shuts down. But that seems unlikely because even with a quick exit, the atexit callback should still be called after all other operations are done. + +Wait, could it be related to how the plugin is linked or loaded? If the shared object isn't properly handled during unloading, the exit callbacks might not get triggered. Or perhaps the way QEMU handles plugins upon normal termination doesn't ensure that all registered atexit callbacks are executed. + +I should also consider if there's a difference between how QEMU terminates normally versus being interrupted by a signal. For instance, when QEMU is terminated abruptly, it might more thoroughly clean up resources, including plugins, whereas a normal exit might skip some steps for efficiency. + +To test this theory, the user could try running the guest program with a delay before exiting to see if that gives enough time for the plugin to be unloaded properly. Alternatively, they could check QEMU's source code or debug logs to see when and how the exit callbacks are invoked during normal shutdown versus signal termination. + +In summary, the issue seems to revolve around QEMU not invoking the plugin's exit callback under normal termination conditions but doing so when terminated abruptly. This suggests a possible bug in how QEMU handles plugin cleanup during graceful shutdowns. The category for this would likely be related to runtime behavior since it's about how the program behaves at runtime rather than instruction-level or syscall issues. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2072564 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2072564 new file mode 100644 index 000000000..d83af99cd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2072564 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to classify this bug where qemu-aarch64-static segfaults when running ldconfig.real on an amd64 host. The user provided some details about it happening in Ubuntu 24.04 with the package version 1:8.2.2+ds-0ubuntu1, and that downgrading to 8.0.4 fixed it. They also mentioned a GitLab issue linked to QEMU. + +First, I need to understand what's going on here. The problem occurs when running a Docker container emulating arm64 using qemu-aarch64-static, and inside the container, ldconfig.real causes a segfault. When they tried to run it directly with GDB, it also resulted in a segmentation fault. + +Looking at the categories provided: instruction, syscall, runtime. The user wants me to pick one. + +An instruction bug would involve a specific CPU instruction causing an issue. A syscall problem would relate to system calls failing or being mishandled. Runtime errors are more general issues that happen while the program is running but don't fall into the other two categories. + +In this case, the segfault happens during execution of ldconfig.real under QEMU. The fact that it's a known regression after v8.1.1 suggests it's a bug in QEMU's handling of something related to the emulation. Since it's not pointing specifically to an instruction or a system call issue but rather a general runtime problem, I think this falls under 'runtime'. + +So, the category is likely 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2082 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2082 new file mode 100644 index 000000000..25e704365 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2082 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU. The user mentioned that when they run certain x86_64 binaries on an aarch64 host using qemu-x86_64-static from version 8.1.3 and later, they get an error: "Unable to find a guest_base to satisfy all guest address mapping requirements." This doesn't happen with older versions of QEMU or when the binary is built differently. + +First, I'll think about what this error means. It seems related to how QEMU maps memory for the guest operating system. The error occurs during runtime when trying to execute the binary. So it's not a problem with an instruction being incorrect, nor is it necessarily related to a syscall failure. Instead, it's more about the environment or setup that QEMU provides for running the binary. + +The user tested on both Apple M1 and non-Apple aarch64 hardware, getting the same result, which points to a QEMU configuration or compatibility issue rather than something specific to the hardware. They also mentioned that building the binary manually on x86_64 works fine with the newer QEMU versions, but when built in an Alpine container, it fails. + +So, this is likely a runtime issue because it's happening while executing the binary under QEMU. It doesn't seem to be about incorrect instructions or syscalls failing; instead, it's about how memory mappings are handled during execution. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2119 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2119 new file mode 100644 index 000000000..2c74df826 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2119 @@ -0,0 +1,15 @@ +<think> +Alright, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's break down the information given. + +The bug report mentions "gdb debugging mode" and accessing V registers when the single-letter V is enabled. GDB is a debugger, so it interacts with the program at runtime. The issue seems to be about how certain registers are accessed during debugging. + +Looking at the categories: + +- **Instruction**: This would involve issues with specific CPU instructions not working correctly. +- **Syscall**: Problems related to system calls or interactions between user and kernel space. +- **Runtime**: Errors that occur while the program is running, including issues in debugging tools interacting with the runtime environment. + +The problem here isn't about a specific instruction failing or a syscall error. Instead, it's about accessing V registers during debugging, which affects how the debugger works at runtime. So this falls under runtime errors because it's about the behavior of the system while executing and being debugged. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2127 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2127 new file mode 100644 index 000000000..0e47eb959 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2127 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report from QEMU. The user provided an error message from test-aio-multithread.c where an assertion failed because the counter (316636) didn't match the atomic_counter (316637). My task is to determine which category this falls into: instruction, syscall, or runtime. + +First, I'll break down what each category means. "Instruction" would involve issues with specific CPU instructions, like incorrect assembly code or bugs in how instructions are executed. "Syscall" relates to problems with system calls, maybe an unexpected return value or a failure in a syscall function. "Runtime" is for other runtime errors that don't fit the first two categories, such as race conditions, threading issues, or memory management problems. + +Looking at the error message, it mentions a failed assertion in test_multi_fair_mutex. The variables counter and atomic_counter are off by one. This makes me think about concurrency issues because mutexes are used for thread synchronization. The fact that they're not equal suggests that perhaps there's a race condition or an issue with how threads are accessing shared resources. + +In QEMU, which is an emulator, multithreading is common, especially in handling I/O operations asynchronously. A test failure like this often points to a problem in the threading model or synchronization primitives. Since it's about counters and mutexes, it's likely related to how threads are interacting with these resources during runtime. + +I don't see any mention of specific instructions failing or syscalls returning errors. The issue seems more about the program's execution flow and thread interactions than anything related to individual instructions or system calls. Therefore, this bug is probably a runtime error, specifically something like a race condition or improper handling of atomic operations. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2156 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2156 new file mode 100644 index 000000000..c127b9b12 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2156 @@ -0,0 +1,18 @@ +<think> +Alright, I need to classify this bug report for QEMU as either "instruction", "syscall", or "runtime". Let's break down what the issue is. + +The user reported that running qemu-x86_64-static three times in a row with /bin/true causes a segmentation fault. The error message mentions an internal SIGSEGV from QEMU, which points to an access error at a specific memory address. + +I remember that SIGSEGV usually indicates a problem accessing memory that the program isn't allowed to touch. In this case, it's happening within the QEMU process itself when it's trying to emulate another instance of itself multiple times. + +Looking at the possible categories: +- "Instruction" would involve a specific CPU instruction causing issues, but there's no mention here of any particular instruction failing. +- "Syscall" relates to errors with system calls, but the problem seems more internal to QEMU rather than an issue with how it interacts with the OS through syscalls. +- "Runtime" covers other runtime errors that don't fall into the first two categories. Since this is a segmentation fault within QEMU's execution when handling multiple instances, it fits under runtime issues. + +So, the most appropriate category here is "runtime". +</think> + +The bug report describes an internal error (SIGSEGV) occurring during runtime while running multiple instances of QEMU. This doesn't relate to a specific instruction or syscall issue but rather to how QEMU handles its own execution. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2157 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2157 new file mode 100644 index 000000000..8b0e0ec27 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2157 @@ -0,0 +1,13 @@ +<think> +Alright, let's try to figure out what category this bug falls into. So, the problem is that qemu-i386 can't run 32-bit x86 binaries on hosts where the page size is larger than 4KB, like LoongArch, ppc64le, or arm64 with three-level page tables. + +First, I'll look at the steps provided. The user compiles a simple exit(0) binary for x86 using either i586-linux-gnu-gcc or a regular gcc with -m32 flag. Then they run it on a non-x86 host using qemu-i386-static. + +The issue arises because the .text segment of these binaries is aligned at 4KB, but on hosts with larger page sizes (like 64KB for ppc64 or arm64), this alignment doesn't work. The problem is in the pbg_dynamic function within elfload.c, which seems to have alignment requirements that aren't met when the host's page size is bigger than 4KB. + +Now, looking at the possible categories: instruction, syscall, runtime. The user mentioned that the bug is related to how QEMU handles the page alignment during execution. It doesn't seem like it's about a specific instruction being wrong or an issue with syscalls. Instead, it's more about the environment setup when running the binary in QEMU. + +So this error happens at runtime because QEMU can't properly load the binary due to alignment issues on systems with larger page sizes. The problem occurs when trying to execute the program, not during compilation or instruction execution per se. Therefore, the category should be runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2208 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2208 new file mode 100644 index 000000000..11cecf5a8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2208 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The user is working on a TCG plugin called execlog that's supposed to log register changes, including the PC (program counter). They're using QEMU with the -one-insn-per-tb option and without it. When they run their test binary with this option, the PC updates for each instruction as expected. However, without the option, some PC values aren't updating in the logs even though each instruction should change the PC. + +The documentation says that the plugin should dump registers when they change. The user's code correctly reads the PC using qemu_plugin_read_register(), but it seems like this function isn't providing the updated value every time it's called. This suggests a problem with how the register values are being retrieved or tracked within QEMU's TCG plugins. + +The issue doesn't involve any specific instruction behaving incorrectly, so it's not an instruction category. It also doesn't seem to be related to system calls since the problem is about register updates during normal execution. Therefore, this falls under a runtime error because it's happening during the normal operation of QEMU when using the plugin. + +So, I think the correct category for this bug report is 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2223 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2223 new file mode 100644 index 000000000..8cf3a2bdc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2223 @@ -0,0 +1,13 @@ +<think> +Okay, I need to figure out what category this bug falls into. The user provided a detailed report about their RISC-V project running on QEMU where the code behaves differently based on whether a certain snippet is inside a function or directly in main. + +First, looking at the problem description: when they run the same code within a function, it works fine, but when placed directly in main, it hangs. This suggests that the issue might be related to how variables are handled or memory usage, perhaps stack overflows or something similar. + +The user tested without optimizations and using malloc instead of FreeRTOS's allocator, but no success. The problem doesn't seem to involve syscalls since the code is minimal and doesn't use RTOS features beyond the setup. + +They also mentioned QEMU environment issues, which could point towards a runtime error rather than something in the toolchain or user-space code. Since the issue occurs at runtime when running on QEMU, it's likely related to how QEMU handles certain instructions or states during execution. + +Possible categories are instruction, syscall, or runtime. Since no specific instruction is faulty and no syscalls are involved, it points towards a runtime error in QEMU. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2304 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2304 new file mode 100644 index 000000000..09c955197 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2304 @@ -0,0 +1,21 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report for QEMU. Let me read through it again to make sure I understand the issue properly. + +The user is reporting that when they disable SVE (Scalable Vector Extension) using `-cpu max,sve=off` in QEMU, the system still reports SVE2 as enabled via `getauxval(AT_HWCAP2)`. This inconsistency is a problem because SVE is required for SVE2 to be valid. The user provided a small program that demonstrates this by checking both HWCAP and HWCAP2. + +From what I know, QEMU allows users to specify CPU features, including SVE. Disabling SVE should logically disable any extensions like SVE2 since they depend on it. However, the current behavior doesn't do that, which can lead to incorrect feature reporting in the guest OS or applications running inside. + +Looking at the categories provided: instruction, syscall, runtime. I need to determine where this bug fits. + +- **Instruction**: This would relate to how specific CPU instructions are handled. Since the issue is about feature flags being incorrectly set, it doesn't directly involve an instruction fault. + +- **Syscall**: This category involves errors with system calls like read, write, etc. The problem here isn't a syscall error but rather incorrect reporting of hardware capabilities via `getauxval`. + +- **Runtime**: This covers issues that occur during the execution or runtime environment setup. Since the problem is about how QEMU sets up the CPU features and their advertisement to the guest, it seems like a runtime issue because it affects the environment in which applications run. + +So, the bug relates to the configuration of CPU features at runtime, specifically when disabling SVE but still advertising SVE2. This misconfiguration affects what applications see when they query hardware capabilities, leading to potential issues where software assumes SVE is present if SVE2 is enabled. + +Therefore, this should fall under the **runtime** category because it's an error in how QEMU sets up the runtime environment regarding CPU features. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2336 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2336 new file mode 100644 index 000000000..d7ee89034 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2336 @@ -0,0 +1,20 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU. Let me read through it carefully. + +The user is encountering a crash when running qemu-x86_64 on LoongArch. They built a static hello test on an x86_64 machine and then built qemu-x86_64 on LoongArch. When they run the hello program using QEMU, they get a Bus error (core dumped). + +The additional information mentions that this started happening since commit 45bf0e7aa648369cf8ab2333bd20144806fc1be3. They also provided logs with various debug options: -d in_asm, op, out_asm, strace. + +Looking at the possible categories: +- instruction: Faulty instruction causing issues. +- syscall: Error related to system calls. +- runtime: Other runtime errors. + +I need to figure out what's causing the bus error. Bus errors are typically memory-related, like accessing invalid memory or misaligned accesses. Since it's happening on LoongArch when running x86_64 code, maybe QEMU isn't handling some instruction correctly, leading to a bad memory access. + +The crash occurs during runtime, not necessarily due to a faulty instruction in the guest or an issue with system calls. It's more about how QEMU is executing instructions on LoongArch. + +So I think this falls under 'runtime' because it's an error happening at runtime when running the emulated program, likely related to how QEMU handles certain operations on the host architecture. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2353 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2353 new file mode 100644 index 000000000..efb1e57dd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2353 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU's user-mode emulation. The problem is that when running certain programs, like gcc on Alpine Linux AArch64, there's a segfault because the ELF interpreter is being mapped at address 0 in the guest space. This causes issues with musl libc which interprets a NULL base address incorrectly. + +Looking at the description, it seems the issue arises during the loading of the ELF image where the load_addr is set to 0 for the interpreter. Then, when this is passed to target_mmap(), QEMU translates this guest address into a host address. Since guest_base isn't zero, it's trying to map the interpreter at actual address 0 on the host, which violates Linux's policy of not mapping anything there. + +The user provided a patch that modifies the mmap functions in QEMU's linux-user/mmap.c. They changed how want_p is calculated by checking if start is non-zero before translating it. So, when start is zero (NULL), they pass 0 to mmap instead of translating it via g2h_untagged. + +Now, thinking about the categories: instruction, syscall, runtime. This issue doesn't seem to be directly related to an incorrect instruction being executed or a problem with a specific system call itself. Instead, it's more about how memory is being managed and mapped during runtime, leading to unexpected behavior when the program runs. + +So, I think this falls under "runtime" because it's an error that occurs while the program is executing, specifically due to incorrect address mapping. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2448 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2448 new file mode 100644 index 000000000..110ee3bd1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2448 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. The problem seems to be related to how the AT_EXECFD auxiliary value is handled when using binfmt_misc with QEMU as an interpreter for non-native binaries. Let me break it down step by step. + +First, from the description, when a binary is executed via QEMU's binfmt support and the 'O' flag is set (which I think enables opening the binary), if file descriptor 0 is closed, QEMU doesn't handle this correctly. Instead of leaving stdin closed, it opens FD 0 to point to the executable and passes it as AT_EXECFD. This causes the program to read from its own executable instead of having stdin closed. + +The user provided some code snippets showing how QEMU's main.c handles execfd. It checks if execfd is zero and then tries to open the exec_path, which might be problematic because a valid AT_EXECFD could be zero but intended to indicate that FD 0 is not used for the executable. + +Looking at the steps to reproduce, running commands like `cat <&-` should result in an error about the bad file descriptor. However, with QEMU's current behavior, it instead dumps the executable as if stdin was open and pointing to itself. This leads to incorrect program behavior, especially for tests that expect stdin to be closed. + +The user also mentioned that they looked into how `qemu_getauxval` works in `util/getauxval.c`. They noted that this function doesn't currently distinguish between AT_EXECFD being zero (a valid case) and not found. On Linux, glibc sets errno to ENOENT if the auxiliary value isn't present, which could be used to detect whether AT_EXECFD was actually set or not. + +So, the problem arises because QEMU incorrectly treats a zero execfd as meaning it needs to open the executable again, leading to FD 0 being left pointing to the binary. This should instead only happen if AT_EXECFD is not present (i.e., it's not found), allowing the program to have stdin closed. + +The user suggests that fixing this requires modifying `qemu_getauxval` to properly detect whether AT_EXECFD was set or not, perhaps by checking errno after a failed getauxval call. They're asking how to implement this correctly across different libc versions (like musl and glibc). + +Now, classifying the bug: The issue is about handling an auxiliary value incorrectly during execution setup. It's not directly related to an instruction being faulty or a syscall error per se. Instead, it's more about runtime behavior—how QEMU initializes file descriptors before executing the target binary. + +So, I think this falls under the "runtime" category because it's about how the program behaves when running and handling resources (file descriptors) incorrectly. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2460 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2460 new file mode 100644 index 000000000..628882b87 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2460 @@ -0,0 +1,15 @@ +<think> +Alright, I'm looking at this problem where someone noticed that QEMU-x86_64 performance dropped significantly starting from version 3 on an aarch64 host when running CoreMark. They provided a table showing coremark scores for various QEMU versions. + +First, I need to classify the issue into one of three categories: instruction, syscall, or runtime. + +Considering that the problem is about performance degradation over different QEMU versions, it's likely related to how QEMU handles instructions or emulates x86-64 on aarch64. The user mentioned running in user-mode, so it's probably not a kernel issue but rather something within the emulator. + +Looking at possible causes, I recall that QEMU uses various methods for CPU emulation, like dynamic translation (Tcg) or just-in-time compilation (JIT). Changes in how these are implemented between versions could affect performance. For instance, if newer versions introduced less efficient code paths or optimizations that didn't play well with aarch64. + +The drop from version 2.x to 3.x is stark—like from ~4500 to ~1167. That suggests some fundamental change in the way instructions are handled or translated. Maybe there was a switch in translation backends or changes in how system calls (syscalls) were handled, but since the issue persists across multiple versions beyond 3.0, it's more about an ongoing problem with instruction handling. + +So, considering these points, the category is likely "instruction" because the performance drop relates to how instructions are emulated rather than a specific syscall or runtime error. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2486 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2486 new file mode 100644 index 000000000..b48cca17d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2486 @@ -0,0 +1,19 @@ +<think> +Alright, I'm trying to classify this bug report for QEMU regarding RISC-V regression. The user mentioned that setting QEMU_CPU with f=false and zfinx=true is causing misleading error messages. + +Looking at the problem description, they're having trouble disabling the 'f' extension because even when setting it to false, it doesn't actually get disabled, leading to an error about the unsupported 'zfinx' extension. They provided an example where specifying j=false gives a property not found error. + +The steps to reproduce involve compiling a simple RISC-V binary and running it with specific QEMU_CPU settings. The key issue here seems to be that QEMU isn't correctly handling these CPU feature flags, leading to unexpected behavior or errors during execution. + +Now, considering the categories: instruction, syscall, runtime. + +- Instruction issues relate to how specific instructions are handled. +- Syscall issues involve system calls going wrong. +- Runtime errors are general runtime problems not tied to a specific instruction or syscall. + +This bug doesn't seem to be about an individual instruction failing but rather about the configuration of CPU features and their handling during execution, which affects the overall runtime behavior. The problem arises when running the binary with certain CPU settings, leading to incorrect feature activations. + +So, I think this falls under 'runtime' because it's a broader issue affecting how QEMU runs programs based on the specified CPU features. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2505 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2505 new file mode 100644 index 000000000..a883a32fd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2505 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report into one of the three categories: instruction, syscall, or runtime. The report says "Interpreter ELF flags ignored when selecting CPU." + +First, let me break down what this means. The interpreter is likely referring to how QEMU handles binaries, specifically ELF files which are common in Unix-like systems. When running a binary, QEMU's interpreter might ignore certain flags set in the ELF file that indicate which CPU it's meant for. + +Now, considering the categories: + +1. Instruction: This would involve issues with specific CPU instructions. Since the report is about ignoring ELF flags related to CPU selection, it doesn't directly mention faulty instructions being executed. + +2. Syscall: This category deals with errors in system calls. The problem here isn't about syscalls failing or misbehaving but rather about how QEMU selects the CPU based on ELF flags. + +3. Runtime: These are other runtime errors that don't fall into the first two categories. Ignoring flags during CPU selection affects how the virtual machine runs, which is a runtime issue because it happens while executing the program, not necessarily at startup or setup. + +So, the problem occurs when QEMU is running and trying to interpret the binary's requirements. It's ignoring important information (ELF flags) needed for proper CPU selection, leading to potential mismatches or incorrect behavior during execution. This fits under runtime errors because it's about how the system behaves while running the program. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2525 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2525 new file mode 100644 index 000000000..97606da90 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2525 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report from QEMU. The message says "bFLT triggers accel/tcg/user-exec.c:505: page_set_flags: Assertion `have_mmap_lock()' failed." + +First, let's understand what each part means. "bFLT" might be a specific test or bug identifier. The file path is pointing to a source code location in QEMU, specifically the TCG (Translation Control Graph) module in user-exec.c at line 505. The function page_set_flags is failing an assertion that checks if have_mmap_lock() returns true. + +So, what's happening here? An assertion failure usually means that some condition expected during runtime isn't met. In this case, the code expects to hold the mmap lock before proceeding with setting flags on a memory page. If it doesn't, the program aborts because something is wrong. + +Looking at possible categories: instruction relates to incorrect machine instructions, syscall involves system call issues, and runtime covers other in-process errors. Since the problem arises from an assertion during execution about internal state (lock ownership), it's not about an instruction or a syscall but rather an internal runtime condition failure. + +Therefore, this bug falls under the 'runtime' category because it's an error that occurs during the normal operation of QEMU when certain expected conditions aren't met. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2536 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2536 new file mode 100644 index 000000000..3dd79df95 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2536 @@ -0,0 +1,16 @@ +<think> +Okay, I need to classify this bug report about a dynamic translation issue with ARM instructions VFNMA and VFNMS in QEMU. Let me think through this step by step. + +First, I'll recall what each instruction does. VFNMA stands for Vector Float Negate Multiply Accumulate, and VFNMS is Vector Float Negate Multiply Subtract. Both are part of the ARM SIMD (Single Instruction Multiple Data) instructions used for floating-point operations in vector processing. + +The problem here is a dynamic translation issue, which suggests that when QEMU translates these ARM instructions into the host's machine code, there's an error happening. Dynamic translation typically refers to the process where an emulator converts instructions on-the-fly as they are executed, rather than beforehand. So if this is failing, it could cause incorrect execution or crashes. + +Looking at the possible categories: +- **Instruction**: This would be about a specific instruction not being handled correctly. +- **Syscall**: Issues related to system calls, which doesn't seem relevant here since the problem isn't with OS interactions but with instruction handling. +- **Runtime**: Errors that occur during runtime, which could include issues like incorrect translations causing crashes or wrong results. + +Since the issue is about translating specific ARM instructions leading to a dynamic translation problem, it's not directly a syscall issue. It's more about how QEMU handles these instructions at runtime. Therefore, this falls under a runtime error because the bug occurs during execution when these instructions are encountered. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2560 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2560 new file mode 100644 index 000000000..e59384c09 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2560 @@ -0,0 +1,15 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report for QEMU. The user provided a detailed description where running Go applications under qemu-x86_64 on an AARCH64 host causes crashes in the Go garbage collector. They disabled the GC with GOGC=off and it worked, so the issue is related to the GC. + +Looking at the stack trace from Go, it points to a problem in `lfstack.push`, which is part of the runtime's memory management. This suggests that something is going wrong with how QEMU handles certain operations that affect the heap or memory management in the Go process. + +The user also provided bisected commits in QEMU that seem to be related. One commit splits out `do_munmap`, and another deals with mmap placement for reserved VA space. These changes might have altered how QEMU manages memory mappings, leading to issues when Go's GC tries to handle its own memory structures. + +Since the problem arises from Go's runtime interacting with QEMU's handling of certain syscalls or memory operations, it's likely a runtime issue within Go caused by a change in QEMU. However, since the question is about classifying the bug in QEMU, I should consider how QEMU's changes affect the application's runtime. + +The crash occurs during memory management tasks (specifically with the garbage collector), which involves system calls like mmap and munmap. The bisected commits involve do_munmap and early mmap placement, indicating that these changes might have introduced a regression affecting applications' runtime environments. + +So, the issue seems to stem from QEMU's handling of syscalls related to memory management, which in turn affects Go's garbage collector. Therefore, it falls under the "runtime" category because it's an error occurring during the application's execution due to how QEMU manages certain operations. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2569 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2569 new file mode 100644 index 000000000..c649f501a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2569 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU's alpha target not supporting TCG plugin register tracking because there's no XML description. Let me break it down. + +First, the problem is that the alpha target in QEMU doesn't have a register list built from an XML file, which means register tracking isn't happening. The user suggests creating a synthetic XML to fix this. + +The reproduction steps involve running QEMU with specific plugins and options to test register tracking. + +Now, looking at the categories: instruction, syscall, runtime. The issue here is about register tracking support missing due to no XML. This seems like an oversight in setup rather than something happening during execution. So it's more of a configuration or setup problem. + +But wait, does this affect the runtime? If the plugin relies on register information that isn't available because there's no XML, then when you run QEMU with the plugin, it fails to track registers. That would be an issue at runtime because it happens while executing the program, not during setup. + +So even though it's related to missing configuration (XML), the consequence is a runtime failure of the plugin's functionality. Therefore, it falls under the runtime category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2580 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2580 new file mode 100644 index 000000000..de35192f6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2580 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm looking at this bug report where someone is trying to run a simple program using qemu-aarch64_be version 9.1.0, but it's failing with an error related to gdbstub. The user provided a minimal example: a C program that just has _start() doing nothing. They compiled it with clang targeting aarch64_be-linux, and then ran it under qemu. + +The error message says that in gdbstub.c line 493, the function gdb_find_static_feature is hitting code that shouldn't be reached. This causes QEMU to bail out with an abort signal. + +Hmm, so I need to figure out what category this bug falls into: instruction, syscall, or runtime. + +First, let's think about what each category means. An 'instruction' issue would relate to a problem with how the CPU handles specific instructions. A 'syscall' issue would involve problems when making system calls. 'Runtime' issues are other errors that occur during execution but aren't specifically tied to instructions or syscalls. + +In this case, the error is happening in gdbstub, which is related to debugging support within QEMU. The function gdb_find_static_feature is trying to find a static feature, but it's reaching code that's supposed to be unreachable. This suggests there might be an issue with how certain features are being handled or perhaps a missing feature. + +Since the problem arises when running any Linux program, it's not specific to a particular instruction or syscall. Instead, it seems more related to the runtime environment setup by QEMU, particularly the debugging stubs. Therefore, this is likely a 'runtime' issue because it's about how QEMU initializes or handles features during execution rather than executing instructions or handling syscalls. + +So, putting it all together, the bug should be classified under 'runtime'. +</think> + +The bug report describes an error occurring within QEMU's gdbstub component when running a program, which is related to runtime environment setup. The issue isn't specific to an instruction or syscall but rather to how certain features are handled during execution. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2590 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2590 new file mode 100644 index 000000000..64e6da164 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2590 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU and GDB not loading symbols from dynamically linked shared libraries. The user provided steps to reproduce where they start QEMU with a debug port, connect GDB, but it fails to load the shared libraries, resulting in breakpoints in functions like printf not working. + +First, I need to understand what's going on here. When using QEMU as a debugger target, sometimes there are issues with how shared libraries are handled compared to native setups. In this case, the problem is that GDB isn't reading symbols from these libraries when connected via QEMU. + +The user mentioned that it works fine when using gdbserver on a native x86_64 machine and connecting from an ARM64 machine. So the issue seems specific to how QEMU handles symbol loading for shared libraries during debugging. + +Looking at the possible categories: instruction, syscall, runtime. The problem here isn't about a faulty instruction or a system call error. Instead, it's more about how the environment is set up and handled at runtime when using QEMU as an emulator/debugger. + +So this falls under runtime errors because it's about the behavior during execution when interacting with shared libraries in the emulated environment. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2596 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2596 new file mode 100644 index 000000000..9c008f15b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2596 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report related to QEMU. The issue mentioned is about an "Invalid note in PT_GNU_PROPERTY" during elf parsing under endianness issues on Linux user mode. + +First, I'll break down the components involved. Elf parsing relates to how executables are read and interpreted by the system. PT_GNU_PROPERTY is a specific section in an ELF file that contains properties for the GNU linker. Endianness issues can cause problems when different architectures interpret data differently (like big-endian vs little-endian). + +Now, looking at the categories: instruction, syscall, runtime. + +- Instruction would relate to a problem with a CPU instruction. +- Syscall refers to errors in system calls between user and kernel space. +- Runtime covers other issues that occur during program execution. + +This bug isn't about a specific instruction failing or a syscall error. Instead, it's about parsing an ELF file incorrectly due to endianness, which affects how the program runs at runtime. So it falls under runtime errors because it's happening while executing the program and not necessarily related to instructions or syscalls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2598 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2598 new file mode 100644 index 000000000..9b83c8122 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2598 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report for QEMU. The user mentioned an issue on a Linux user on a RISC-V64 host where it's unable to find a guest_base to satisfy all guest address mappings. Hmm, let me think about what each category means. + +The categories are instruction, syscall, and runtime. Instruction would be if there's a problem with the actual machine instructions being executed, like a CPU issue or an incorrect opcode. Syscall relates to problems when making system calls, maybe something wrong in how the OS interacts with the hardware via syscalls. Runtime is more about general errors that happen while the program is running, not necessarily tied to specific instructions or syscalls. + +In this case, the error is about guest_base and address mapping. QEMU uses guest_base as a starting point for mapping guest memory. If it can't find an appropriate base, it's probably a configuration issue during runtime. It doesn't seem like there's an instruction that's faulty or a specific syscall that failed; rather, it's more of a setup problem when trying to run the VM. + +So I think this falls under runtime because it's an error occurring while QEMU is running and setting up the guest environment. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2606 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2606 new file mode 100644 index 000000000..4d751e23b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2606 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU's PowerPC host code breaking on Darwin. Let me go through the details step by step. + +The user reported that when they tried building QEMU on a Darwin PPC system, it failed to compile because the assembler syntax was incorrect and the ABI wasn't properly handled. They provided a patch they used earlier which fixed the build issues but caused the binary to crash upon launch. So now, the problem isn't just compiling; it's also about runtime behavior. + +Looking at the patches they applied, I can see changes in assembly files for both ppc and ppc64 architectures under safe-syscall.inc.S. The main modifications involve changing register usages from numbers like 30, 1 to r30, r1, which suggests that the previous code was using a different ABI or assembler syntax incompatible with Darwin's PowerPC setup. + +The crash on launch indicates that even though the build worked after applying these patches, there are runtime issues. This could mean that the modified assembly isn't fully compliant with the expected ABI for Darwin's PPC environment. Maybe some registers aren't being handled correctly, stack frames aren't properly restored, or function calls aren't following the required conventions. + +So, considering the categories: instruction, syscall, runtime. The problem started as a build issue (instruction) but after fixing that, it became a runtime crash, suggesting an issue during execution rather than just incorrect assembly code or system call handling. Therefore, the primary category here is runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/261 b/results/classifier/deepseek-r1:32b/reasoning/runtime/261 new file mode 100644 index 000000000..fece1d681 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/261 @@ -0,0 +1,13 @@ +<think> +Okay, I'm trying to classify this bug report about QEMU related to Nios2 user-mode emulation and broken signal handling. Let me think through what each category means here. + +The instruction category would involve issues with how specific instructions are handled by the emulator. If the problem was a particular instruction causing an error, that would fit. But the issue here is about signals not being handled properly, which isn't directly tied to individual instructions. + +Next, the syscall category involves errors when making system calls. While signals can be related to syscalls (like sigreturn or kill), the main issue seems broader than just a specific syscall. It's more about how the emulator manages signal delivery and handling in user mode. + +The runtime category covers other runtime errors that don't fall into instructions or syscalls. Since this is about signal handling during emulation, which affects how processes run and interact with signals, it's an operational issue that occurs at runtime rather than a specific instruction or syscall problem. + +So, the best fit here seems to be the runtime category because the bug involves the overall handling of signals within the user-mode environment during execution. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2619 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2619 new file mode 100644 index 000000000..e9c3fdfa3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2619 @@ -0,0 +1,15 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report about an INTEGER_OVERFLOW in nios2.c for QEMU. Let's break it down step by step. + +First, I know that QEMU is a processor emulator, and nios2.c probably refers to the Nios II CPU emulation code. The issue mentioned is an integer overflow, which happens when a program tries to store a number larger than what can be stored in a variable of a certain type. + +Looking at the possible categories: instruction, syscall, or runtime. + +An instruction-related bug would involve an incorrect machine-level instruction being generated or handled. A syscall error would relate to system calls not working properly. But integer overflow usually occurs during runtime when values exceed their limits, causing unexpected behavior. So this seems like a runtime issue. + +Therefore, the category should be 'runtime'. +</think> + +The bug report describes an integer overflow occurring during runtime in the Nios II CPU emulation code within QEMU. This is classified under runtime errors because it involves an error that happens while the program is executing due to value exceeding its allowed range. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2628 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2628 new file mode 100644 index 000000000..4f0c47d95 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2628 @@ -0,0 +1,19 @@ +<think> +Alright, let's try to figure out how to classify this bug report. The user provided a problem where dpkg-deb crashes when running in a chroot environment using QEMU. They mentioned that it happens on certain architectures like armv7, aarch64, and s390. The errors include signals like Aborted and Segmentation fault. + +First, I need to understand what each category means: + +1. **Instruction**: This would mean there's an issue with the actual machine instructions being executed. Maybe incorrect or undefined opcodes are causing the problem. +2. **Syscall**: This involves issues when interacting with system calls. For example, a bug in how QEMU handles certain syscalls on different architectures. +3. **Runtime**: General runtime errors that don't fall into the above two categories. + +Looking at the error messages, dpkg-deb is crashing with signals like Aborted or Segmentation fault. These are runtime issues because they occur while the program is executing. The fact that it's happening across multiple architectures suggests it might be related to how QEMU emulates these architectures. + +But why classify this under 'runtime' and not 'instruction'? Well, a segmentation fault usually points to a memory access error in the application or emulator. Since dpkg-deb is crashing inside QEMU's emulation environment, it could be that QEMU isn't handling some part of the instruction set correctly, leading to incorrect memory accesses. + +Alternatively, if it were an instruction-level problem, we'd expect specific opcodes to cause the crash, but the report doesn't mention anything like that. Instead, it seems more about how QEMU is running the code, possibly in translating or executing instructions for these architectures, leading to runtime errors like segfaults. + +So, putting this together, the issue seems to stem from runtime errors within the emulation environment provided by QEMU when handling certain operations required by dpkg-deb on different architectures. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2632 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2632 new file mode 100644 index 000000000..0cab28899 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2632 @@ -0,0 +1,13 @@ +<think> +Alright, let's try to figure out what category this bug falls into. The user provided a detailed problem description about some code and how it's being optimized incorrectly by TCG (Translation Component Generator) in QEMU. They mentioned that after optimization, a dependency between two loads is removed, leading to incorrect behavior in a multi-threaded program. + +Looking at the original code, there are two loads: one storing w0 to [x1], then loading w2 from [x1], performing an EOR operation on w3 using w2, and then another load with w4. The dependency is that the first store must complete before the second load can be done. + +In the translated TCG IR, this dependency is maintained correctly initially. But after optimizations, the EOR instruction is optimized to a simple move of zero, which removes the dependency between the loads. This causes an issue in a multi-threaded environment because the order isn't enforced anymore, leading to possible race conditions or incorrect data being loaded. + +Now, looking at the categories provided: instruction, syscall, runtime. The bug doesn't seem to be about a faulty instruction itself but rather how the code is being translated and optimized by QEMU's TCG. It's an issue during runtime because it affects the program execution, especially in multi-threaded scenarios where memory access ordering matters. + +So, this seems like a runtime error caused by incorrect optimization, leading to broken memory access ordering. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2647 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2647 new file mode 100644 index 000000000..0fcccc926 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2647 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU. The user provided some code from accel/tcg/user-exec.c and pointed out an issue in the conditional judgment involving acc_flag. Let me break down what's happening here. + +Looking at the function probe_access_internal, it seems to be handling memory access permissions for different types of operations: store, load, and fetch. Depending on the access_type, it sets acc_flag to PAGE_WRITE_ORG, PAGE_READ, or PAGE_EXEC respectively. + +The problematic line is where there's a condition checking if (acc_flag == PAGE_WRITE || acc_flag == PAGE_READ). Wait, but acc_flag can only be one of three values: PAGE_WRITE_ORG, PAGE_READ, or PAGE_EXEC. So using PAGE_WRITE instead of PAGE_WRITE_ORG might be incorrect because they're different constants. + +The user is pointing out that in this condition, it's checking for PAGE_WRITE when acc_flag could actually be PAGE_WRITE_ORG. This seems like a mistake because the code should check whether acc_flag matches the correct flag set earlier. If this condition isn't met correctly, it might lead to incorrect memory access permissions being enforced, which could cause runtime issues. + +Now, considering the categories given: instruction, syscall, and runtime. The issue here doesn't seem to be about a faulty instruction or a problem with syscalls. Instead, it's an error in handling memory accesses during execution, which would affect runtime behavior. So this bug falls under the runtime category because it's causing incorrect behavior while the program is running. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2655 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2655 new file mode 100644 index 000000000..490add2de --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2655 @@ -0,0 +1,19 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let's look at the problem description and see what it's about. + +The user is discussing an issue in the QEMU codebase, specifically in the function `vext_ldff()` within `target/riscv/vector_helper.c`. They provided a snippet showing a loop where for each index `i`, certain probe functions are called. The concern is that when using a plugin with memory callbacks, the function returns TLB_MMIO, causing `vl` to be set to 1 and only loading the first element. This behavior happens in both user mode and full-system mode. + +The problem arises during vector operations, specifically with instructions like `vle(x)ff.v`. The issue seems related to how memory accesses are handled when plugins are involved. The function `probe_access_flags()` is returning a certain flag that affects the loop's execution, leading to premature termination after only the first element is processed. + +Now, considering the categories: + +1. **Instruction**: This would be if there was an error in handling a specific instruction or generating incorrect instructions. While the problem occurs during vector operations, it seems more like how memory accesses are being handled rather than a specific instruction issue. + +2. **Syscall**: If this were related to system calls (like getsockopt, read, etc.), but here it's about virtual machine memory handling and vector operations, not syscalls. + +3. **Runtime**: This category covers other runtime errors or unexpected behaviors during execution. The problem is happening at runtime when the function doesn't behave as expected, especially when plugins are involved. It affects how memory is probed and loaded during vector operations. + +The issue isn't about an instruction being faulty but rather how QEMU handles memory accesses in a specific scenario. Therefore, it's a runtime error because it's causing unexpected behavior during program execution. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2672 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2672 new file mode 100644 index 000000000..2f481441e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2672 @@ -0,0 +1,20 @@ +<think> +Okay, so I need to figure out how to classify this bug report about QEMU. The user provided a detailed problem description and some steps. Let me try to understand what's going on here. + +The issue is that when running a binary in QEMU with RISC-V64 baremetal emulation, there's an illegal instruction happening after a jal (jump and link) instruction. From the code snippet: + +0x80006070: addi a0,zero,2 +0x80006074: jal ra,-3940 # 0x80005110 + +Then, the next address is 0x80006078 which has an illegal instruction. The problem seems to be that after the jal, instead of taking the jump correctly, the execution continues into an invalid area, causing an exception. + +So, looking at this, it's about how QEMU handles certain instructions and jumps. The issue arises during runtime when executing the binary, not necessarily with a system call or a faulty instruction itself but perhaps in how the program flow is managed. + +Now, considering the categories: instruction, syscall, runtime. This doesn't seem to involve a syscall error because there's no mention of any system calls failing. It also isn't about a faulty instruction per se, since jal and addi are valid instructions, but rather an issue with the program flow—like how jumps or returns are handled. + +Therefore, this seems like a runtime issue where the emulator is incorrectly handling the jump or not properly setting up the return address, leading to execution of invalid code. So, I think it falls under 'runtime'. +</think> + +The bug report describes an error that occurs during runtime when executing instructions in QEMU, specifically with how jumps and returns are handled. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2683 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2683 new file mode 100644 index 000000000..72e3a634a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2683 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem description again to understand what's going on. + +The issue is about inconsistent behavior in the probe_access() function between full-system and linux-user modes in QEMU. In full-system mode, when the TLB_MMIO flag is set, probe_access returns NULL, which leads to using a slow-path for memory access (cpu_stb_mmuidx_ra) and correctly injecting mem_cbs. However, in linux-user mode, it returns the correct address instead of NULL, causing the fast-path (memset) to be used without injecting callbacks. + +The problem affects RISC-V's helper_cbo_zero() function, which handles zeroing memory. The inconsistency leads to different behaviors depending on the QEMU mode. To fix this, probe_access() should return NULL in both modes when TLB_MMIO is set, ensuring consistent handling of memory access and callbacks. + +Now, looking at the categories: + +- Instruction: This would be if the bug was about a specific CPU instruction being handled incorrectly. +- Syscall: If it involved errors with system calls. +- Runtime: Errors that occur during runtime but aren't related to instructions or syscalls. + +This issue isn't directly about an instruction or a syscall; rather, it's about how memory accesses are handled at runtime. The inconsistency in probe_access affects the execution flow and memory callbacks during runtime operations. Therefore, it falls under the runtime category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2730 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2730 new file mode 100644 index 000000000..277092e9b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2730 @@ -0,0 +1,13 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me look at the details provided. + +The user mentions that they're using QEMU and ran into an issue with RISC-V instructions. The commands are 'lui s0, 0x80000' followed by 'lw a1, -48(s0)'. After executing these, a1 becomes 0xffffffff, which is unexpected. + +Hmm, the problem seems to be related to how QEMU handles these specific assembly instructions. The error occurs during runtime when executing these commands, leading to an incorrect value in register a1. This doesn't seem to be a syscall issue because it's not involving any system calls. It also isn't about faulty instructions since both 'lui' and 'lw' are valid RISC-V instructions. + +So the error is likely due to how QEMU processes these instructions during runtime, perhaps a bug in the emulator's handling of memory loads or address calculations. Therefore, it falls under the 'runtime' category. +</think> + +The issue occurs while executing assembly instructions within QEMU, leading to an incorrect value. It's related to runtime processing rather than faulty instructions or syscalls. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2738 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2738 new file mode 100644 index 000000000..be9c4fc23 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2738 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem description carefully. The issue is about Go 1.23 build hanging when running under qemu-user on an x86_64 host. + +The steps involve setting up qemu-user for a foreign architecture and then building a Docker image with podman specifying the arch as aarch64. From what I know, qemu-user is used to emulate other architectures without requiring full virtualization. It handles binary translation. + +Now, considering the categories: instruction would relate to issues with specific CPU instructions. Syscall relates to system calls causing problems. Runtime involves general runtime errors outside of these. + +In this case, since it's about building Go code under emulation and hanging, it might be related to how Go interacts with the emulated environment. Maybe something with signal handling or process management during compilation. This doesn't seem to be a problem with an instruction or a specific syscall but rather something happening in the runtime environment provided by qemu-user. + +So I think the category is runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/275 b/results/classifier/deepseek-r1:32b/reasoning/runtime/275 new file mode 100644 index 000000000..18f3be344 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/275 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU. The error message says "Error in user-mode calculation of ELF aux vector's AT_PHDR." Hmm, let me break this down. + +First, I know that QEMU is an emulator used for running different operating systems and computer architectures. So, bugs here can be related to various parts like the CPU emulation, system calls, memory management, etc. + +The error mentions "user-mode calculation," which makes me think it's something happening in the user space rather than kernel space. User mode typically refers to processes running with limited privileges, so issues here might relate to how applications are handled by QEMU. + +Then there's "ELF aux vector." I remember that ELF is a file format for executables and shared libraries, commonly used in Linux. The auxiliary vector is part of the process environment when a program starts; it contains information like program headers (PHDR) which tell the system how to load the executable. + +The specific error is about AT_PHDR, which is an entry in the auxiliary vector that points to the program header table in the ELF file. So if there's a problem calculating this in user mode, maybe QEMU isn't setting it correctly when emulating the process start. + +Looking at the categories provided: instruction, syscall, runtime. The error doesn't seem to be about a faulty CPU instruction or a system call issue. It sounds more like an internal calculation during runtime, perhaps related to how QEMU handles ELF files and their auxiliary vectors when running user-mode processes. + +So I'm leaning towards "runtime" as the category because it's an error occurring while executing a program in user mode within QEMU, not directly tied to a system call or instruction execution but more about process setup. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/276 b/results/classifier/deepseek-r1:32b/reasoning/runtime/276 new file mode 100644 index 000000000..45c2a6a53 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/276 @@ -0,0 +1,9 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report from QEMU. The error message says it's about an "Error in user-mode calculation of ELF program's brk." Hmm, I remember that the brk() system call is used to change the end of the heap segment in a program, so that might relate to memory management. + +I'm looking at the possible categories: instruction, syscall, runtime. The error seems related to how the program is running and managing memory dynamically, which is something that happens during execution. So it's probably not an issue with a specific instruction or a problem with the system call itself but rather how the program is handling resources in user mode. + +Therefore, this should fall under the 'runtime' category because it's an error occurring while the program is running. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2761 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2761 new file mode 100644 index 000000000..aa5eb3b06 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2761 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report under one of the given categories for QEMU. The user provided an error message about failing to emulate x86_64 on ARM64, specifically mentioning "Unable to find a guest_base to satisfy all guest address mapping requirements." + +First, looking at the error, it seems related to memory addressing during emulation. The problem occurs when trying to run an x86_64 binary (bash) on an ARM64 system using QEMU. The issue arises because the emulator can't find a suitable base address for the guest's memory mappings. + +The categories given are instruction, syscall, and runtime. Let me consider each: + +1. **Instruction**: This would involve issues with specific CPU instructions not being handled correctly. Since the error is about memory mapping rather than executing an instruction, this doesn't seem to fit. + +2. **Syscall**: Errors here relate to system calls failing or being incorrectly handled. The problem isn't about a syscall but about address space setup, so this might not be the right category either. + +3. **Runtime**: This covers other runtime errors that don't fall under instruction or syscall issues. Since the error occurs during the initialization phase when setting up the guest's memory mappings, it's more of a runtime issue related to virtualization setup rather than execution of instructions or system calls. + +Therefore, this bug is best classified as a **runtime** error because it's happening at runtime when trying to set up the environment for the guest OS. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/280 b/results/classifier/deepseek-r1:32b/reasoning/runtime/280 new file mode 100644 index 000000000..d45f8998c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/280 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm looking at this bug report about QEMU and Debian Bullseye having issues running Chrome and loading HTML. The user wants me to classify it into one of three categories: instruction, syscall, or runtime. + +First, I need to understand each category. "Instruction" refers to a problem with the CPU instructions, maybe something not being supported. "Syscall" is about system calls going wrong, perhaps permissions or compatibility issues there. "Runtime" covers other runtime errors that don't fall into the first two categories. + +Now, Chrome isn't running and HTML isn't loading in this setup. I know Chrome uses a lot of modern web technologies like WebGL and WebAssembly. If QEMU is involved, especially with ARM64 emulation on x86_64, there might be performance issues or compatibility problems with these technologies. + +I'm thinking that the issue might not be a specific instruction fault but more about how the environment handles runtime operations. Maybe the rendering isn't working because of missing graphical drivers in QEMU or compatibility layers not handling certain OpenGL calls properly. That doesn't sound like a syscall error since it's more about how Chrome interacts with the graphics stack rather than system calls. + +So, putting it together, this seems like a runtime issue because it's about how the application runs within the emulated environment, possibly related to graphical rendering or resource management rather than specific instructions or syscalls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2802 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2802 new file mode 100644 index 000000000..34c87229e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2802 @@ -0,0 +1,17 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report. The user mentioned that it's part of QEMU and provided some context about the issue. Let me break down what's happening here. + +First, the problem involves the `fdtox` and `fqtox` instructions in SPARC. These instructions are not correctly selecting the destination register when it's higher than `f31`. The test program shows that instead of getting 60, it prints 0. That suggests something is wrong with how the registers are being handled. + +Looking at the steps to reproduce: they're using a cross-compiler and QEMU to run a test program. The issue arises during execution when using these specific instructions, which means it's happening while the code is running, not during compilation or system calls. + +The user also mentions that this bug was introduced by a commit related to how destination registers are selected in the decoder tree. This points towards an issue with how instructions are being processed at runtime rather than a problem with the compiler or system calls themselves. + +So, considering the categories: instruction, syscall, and runtime. The problem is clearly not with a system call since it's about assembly instructions. It also isn't about a faulty instruction per se, but more about how registers are handled during execution. Therefore, this falls under a runtime error because it occurs while the program is running. + +I think the category should be 'runtime' because it involves an issue that happens at execution time due to incorrect register selection. +</think> + +The bug report describes an issue with how destination registers are selected during instruction processing in QEMU. Since it's related to the execution of specific instructions and their handling, it falls under a runtime error. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2815 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2815 new file mode 100644 index 000000000..5fae26c72 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2815 @@ -0,0 +1,11 @@ +<think> +Okay, so I need to classify this bug report about QEMU user-mode segfaulting when using clang 17 or newer with -fsanitize=function. The options are instruction, syscall, or runtime. + +Hmm, first, let me think about what each category means. Instruction issues would involve problems with specific CPU instructions causing the error. Syscall errors would relate to system calls not working correctly. Runtime errors are more general and happen during execution without necessarily being tied to a specific instruction or syscall. + +In this case, QEMU is crashing when running under TCG prologue after enabling function sanitization in clang. Function sanitization typically adds checks for undefined behavior, which can cause runtime issues if the code isn't handling it properly. So it's more about the runtime environment and how QEMU handles the instrumented code rather than a specific instruction or syscall. + +So I think this falls under runtime because it's an error happening during execution due to the way the code is compiled with sanitization, not necessarily a faulty instruction or a problem with system calls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/2846 b/results/classifier/deepseek-r1:32b/reasoning/runtime/2846 new file mode 100644 index 000000000..008bad5a4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/2846 @@ -0,0 +1,21 @@ +<think> +Okay, I'm trying to classify this bug report about QEMU where "linux-user hangs if fd_trans_lock is held during fork." Let me break it down. + +First, I know that in programming, especially in systems like QEMU which involve emulating other operating systems, concurrency and locking can be tricky. The term "fd_trans_lock" suggests a lock related to file descriptors or some translation between them, maybe during process forking. + +The issue is happening during a fork operation. Forking is when a process creates a copy of itself, and in Unix-like systems, this involves duplicating the process context, including open files. If a lock (fd_trans_lock) is held at that time, it might prevent the child process from proceeding correctly, causing a hang. + +Now, looking at the categories provided: instruction, syscall, runtime. + +- Instruction would relate to an incorrect CPU instruction or assembly code issue. +- Syscall relates to errors in system calls like read, write, fork itself. +- Runtime refers to issues that occur during execution that aren't necessarily tied to specific instructions or syscalls but more about how the program behaves. + +This bug is about a situation where holding a lock causes the process to hang. It's not directly an error with a specific system call (like a wrong argument passed) but rather a runtime behavior issue due to concurrency and resource management during forking. So, it seems like a runtime error because it's happening during the execution of the program when certain conditions are met. + +I don't think it's a syscall error because the problem isn't with how a system call is being called or handled by the kernel but rather with the state (lock held) within the application during fork. It also doesn't seem to be an instruction-level issue since it's not about executing incorrect machine code. + +Therefore, the category should be runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/311 b/results/classifier/deepseek-r1:32b/reasoning/runtime/311 new file mode 100644 index 000000000..b0824cfc7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/311 @@ -0,0 +1,13 @@ +<think> +Okay, I need to classify this bug report about QEMU's user mode not implementing RT signals for SPARC guests. Let me think through each possible category. + +First, "instruction" relates to faulty instructions executed by the guest. The error here isn't about an instruction; it's about signal handling, so that's probably not it. + +Next, "syscall" deals with errors in system calls. RT signals are part of how the OS handles asynchronous events, which involves syscalls like sigaction or kill. But I'm not sure if this is a syscall error per se or more about runtime environment setup. + +Then, "runtime" covers other runtime issues. Since QEMU's user mode is failing to implement something (RT signals) for SPARC guests during execution, it seems like a runtime problem rather than an instruction or syscall issue. + +So I think the category is "runtime". +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/333 b/results/classifier/deepseek-r1:32b/reasoning/runtime/333 new file mode 100644 index 000000000..3c346dbab --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/333 @@ -0,0 +1,18 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report about random errors on aarch64 when executing __aarch64_cas8_acq_rel in QEMU. Let's break it down step by step. + +First, I need to understand what each part of the bug means. The function __aarch64_cas8_acq_rel sounds like an assembly-level instruction specific to the AArch64 architecture. CAS usually stands for Compare and Swap, which is a common atomic operation used in multi-threaded environments to ensure data consistency. + +The error occurs during execution, so it's happening at runtime rather than during compilation or linking. That suggests it's not related to how the code was built but more about how it runs on the system. + +Looking at the possible categories: +- **instruction**: This would involve a faulty instruction in the code. +- **syscall**: Errors related to system calls. +- **runtime**: Other runtime errors not covered by the first two. + +Since the error is happening when executing an atomic operation, which is part of the runtime behavior, it doesn't seem to be about a faulty instruction or a syscall issue. Instead, it's more about how the program behaves during execution, possibly due to concurrency issues or incorrect handling of memory operations. + +Therefore, I think this bug falls under the **runtime** category because it involves an error occurring while the code is running, specifically with atomic instructions on AArch64. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/355 b/results/classifier/deepseek-r1:32b/reasoning/runtime/355 new file mode 100644 index 000000000..9b829cdc3 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/355 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU. The issue mentioned is a possible divide by zero bug in the function get_whole_cluster. Hmm, let's break this down. + +First, what's a divide by zero error? It's when a program tries to divide a number by zero, which isn't allowed mathematically and causes an error. This usually happens during runtime because it's something that occurs while the program is executing, not at compile time or due to a syntax issue. + +Now, looking at the function get_whole_cluster in QEMU—QEMU is a software emulator used for virtualization. It handles various low-level operations, so any bug here could be critical. The function might be involved in memory management or cluster calculations, which are runtime processes. + +So, if there's a divide by zero happening here, it means that somewhere in this function, the code is dividing by a variable that could be zero under certain conditions. This would cause the program to crash or behave unexpectedly while running, not because of an instruction error or a problem with system calls, but because of incorrect runtime calculations. + +Therefore, the category for this bug should be 'runtime' since it's related to an error that occurs during the execution of the program. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/361 b/results/classifier/deepseek-r1:32b/reasoning/runtime/361 new file mode 100644 index 000000000..511007a3c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/361 @@ -0,0 +1,13 @@ +<think> +Alright, I'm trying to classify this bug report for QEMU. The issue says "-cpu host results in unsupported AVX512 instructions". Let me break it down. + +First, "-cpu host" is a QEMU option that sets the CPU type to match the host's CPU. That means QEMU should use all the host's capabilities, including newer instructions like AVX512. + +AVX512 is an instruction set extension for CPUs. If QEMU is reporting this as unsupported, it might mean that when trying to emulate or pass through these instructions, there's a problem. + +The error suggests that during runtime, specifically when using host CPU settings, the AVX512 instructions aren't being handled correctly. This isn't about a specific system call (syscall) going wrong. It also doesn't seem like it's just an instruction-level bug because it's related to how QEMU handles CPU features. + +So, since this happens during runtime when using certain CPU settings and involves handling of CPU instructions, the category should be 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/385 b/results/classifier/deepseek-r1:32b/reasoning/runtime/385 new file mode 100644 index 000000000..cb712a1d0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/385 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report about QEMU into one of three categories: instruction, syscall, or runtime. The report mentions "ARM user regression since 87b74e8b6edd287ea2160caa0ebea725fa8f1ca1." + +First, I should understand what each category entails. + +- **Instruction**: This would involve issues with specific CPU instructions not working correctly. +- **Syscall**: Problems related to system calls made by the guest OS through QEMU. +- **Runtime**: Errors that occur during execution but aren't tied to a specific instruction or syscall. + +The bug report doesn't mention any specific instruction failing, so it's probably not about an individual instruction. It also doesn't talk about system calls going wrong. Instead, it mentions a regression in the ARM user mode, which suggests something is going wrong when running ARM code in user mode under QEMU. + +This seems like a general runtime issue because it affects how the emulator runs ARM processes without pointing to specific syscalls or instructions. Therefore, the category is likely "runtime." +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/419 b/results/classifier/deepseek-r1:32b/reasoning/runtime/419 new file mode 100644 index 000000000..55cd0c02f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/419 @@ -0,0 +1,19 @@ +<think> +Okay, so I need to figure out how to classify this bug report about BSD-user dumping core for all binaries emulated under QEMU. The categories given are instruction, syscall, or runtime. + +First, let me break down what the problem is. "BSD-user dumps core" probably means that when running certain binaries in a BSD userland environment within QEMU, it's causing a core dump. A core dump happens when a program crashes due to an unhandled error, like a segmentation fault or illegal instruction. + +Now, looking at the categories: + +1. **Instruction**: This would involve issues with how specific CPU instructions are handled by the emulator. If the binaries are executing an instruction that QEMU doesn't handle correctly, it could cause a crash. + +2. **Syscall**: This relates to system calls made by the binary being emulated. If there's a problem in how QEMU handles these syscalls (like incorrect implementation or mismatches between host and guest), it might lead to crashes. + +3. **Runtime**: These are other runtime errors that don't fall into instructions or syscalls. This could include memory management issues, resource leaks, or bugs in the emulation environment itself. + +Given that the issue is with all binaries emulated under BSD-user, it's likely a more systemic problem rather than something specific to individual instructions or syscalls. It might be an issue with how QEMU sets up the userland environment for BSD, such as incorrect handling of certain system calls across different architectures or perhaps a bug in the emulation that affects multiple aspects during runtime. + +So, I'm leaning towards it being a **runtime** error because it's a general problem affecting all binaries and not tied to specific instructions or syscalls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/442 b/results/classifier/deepseek-r1:32b/reasoning/runtime/442 new file mode 100644 index 000000000..a6ac9eb87 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/442 @@ -0,0 +1,17 @@ +<think> +Okay, so I need to classify this bug report about Firebird crashing on qemu-m68k-user with a pthread_mutex_init error into one of three categories: instruction, syscall, or runtime. + +First, let's understand what each category means. "Instruction" would involve an issue with a specific CPU instruction that QEMU isn't handling correctly. "Syscall" relates to problems when making system calls through the emulator. "Runtime" covers other errors that occur while running the program, not directly tied to instructions or syscalls. + +The bug report mentions pthread_mutex_init failing. Pthread functions are part of the threading library in Unix-like systems, which is used for managing threads and synchronization primitives like mutexes. The error here is during the initialization of a mutex, which suggests an issue with how QEMU handles thread-related operations or system calls. + +Now, considering that pthread_mutex_init is a function call rather than a CPU instruction, it's likely related to how the emulator handles system calls or runtime functions. Since it's not directly about executing a specific instruction (like a CPU op) but more about the execution of a library function in the user space, it probably falls under runtime errors. + +Wait, but could this be a syscall issue? Because pthread_mutex_init might involve making certain syscalls to create mutexes. However, the problem is happening when initializing the mutex within the application's code, not necessarily during the processing of a system call by QEMU. So maybe it's more about how the runtime environment (emulated CPU and libraries) behaves rather than a specific syscall failure. + +Another angle: if the emulator isn't correctly emulating the necessary instructions that pthread_mutex_init relies on, it could be an instruction issue. But without specific details about faulty instructions, it's hard to say. The error is more likely related to how the thread functions are handled in the emulation environment, pointing towards a runtime problem. + +So putting it all together, the crash occurs during runtime when initializing a mutex, suggesting that the issue is with the runtime environment rather than a specific instruction or syscall handling. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/447 b/results/classifier/deepseek-r1:32b/reasoning/runtime/447 new file mode 100644 index 000000000..2bf2751d9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/447 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to classify this QEMU bug report into one of three categories: instruction, syscall, or runtime. The error message says that QEMU can't reserve a certain amount of virtual address space and suggests checking memory settings or using the -R option. + +First, I need to understand what each category means. Instruction issues are about faulty CPU instructions causing problems. Syscall errors involve system calls going wrong, maybe permissions or something like that. Runtime errors are other issues that happen while the program is running. + +Looking at the error message, it's talking about reserving virtual address space. That sounds more like a memory allocation issue rather than a problem with an instruction or a system call. Since it's related to virtual memory and address space reservation, which happens during runtime as QEMU tries to set up the environment for the guest OS, I think this falls under runtime errors. + +So, putting it all together, this bug is about a runtime error because it's happening while QEMU is running and trying to manage its memory. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/514 b/results/classifier/deepseek-r1:32b/reasoning/runtime/514 new file mode 100644 index 000000000..0b730fbdc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/514 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report as part of QEMU. The user provided some details about an issue they encountered when using Clang to compile code for ARMv8 with memory tagging enabled. They mentioned that using SP-based store instructions caused a tag check fault exception, which shouldn't happen according to the ARM specifications. + +First, I need to understand what's happening here. The bug report talks about specific assembly instructions generated by Clang: stp and str operations using the SP register with offsets. When these instructions are executed in QEMU, they result in exceptions. However, the ARM spec says that such operations should generate a Tag Unchecked access instead of causing an exception. + +So, this seems to be related to how QEMU handles certain ARMv8 instructions, specifically those involving the SP register and memory tagging. The issue arises during runtime when these instructions are executed, leading to unexpected exceptions. + +Looking at the categories provided: instruction, syscall, runtime. Since the problem occurs during the execution of specific ARM instructions in the emulator (QEMU), it's not a syscall error or an issue with how the program is built. Instead, it's about QEMU incorrectly handling these instructions by generating exceptions when they should be treated as Tag Unchecked accesses. + +Therefore, this bug falls under the "runtime" category because it happens during the execution of code within QEMU. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/562107 b/results/classifier/deepseek-r1:32b/reasoning/runtime/562107 new file mode 100644 index 000000000..9393db5f6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/562107 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEmu's GDB stub using IPv6 instead of IPv4 or both. The user provided some links and mentions that it's an easy fix. They want me to categorize it into one of three categories: instruction, syscall, or runtime. + +First, I need to understand what each category means. "Instruction" likely refers to issues with how a task is carried out or described. If there's a faulty step in the instructions provided by QEmu, that would fall here. "Syscall" relates to errors occurring during system calls, which are functions that interact directly with the OS. Lastly, "runtime" covers other runtime errors—problems that happen while the software is running. + +Looking at the bug report, it's about the GDB stub using IPv6. This isn't a problem with instructions or documentation; instead, it's an issue during execution. When QEmu runs, it uses IPv6 for the GDB connection, which might not be what users expect if they're set up for IPv4. This causes issues when trying to connect via GDB because the listener is on an IPv6 socket, leading to connection problems. + +Since this happens while QEmu is running and not during instruction following or system calls, it seems like a runtime error. It's about how QEmu behaves at runtime regarding network connections. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/616 b/results/classifier/deepseek-r1:32b/reasoning/runtime/616 new file mode 100644 index 000000000..5a5c4ce17 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/616 @@ -0,0 +1,15 @@ +<think> +Alright, let's try to figure out where this bug belongs. The problem is about an overflow condition being incorrectly determined after addition on s390x architecture. + +The user provided a C program that uses __builtin_add_overflow to check for integer overflows in both 32-bit and 64-bit contexts. When compiled with GCC for s390x and run under QEMU, the output indicates an overflow occurred (no_overflow = 1), but according to the expected behavior, it shouldn't have. + +Looking at the generated assembly code, especially after optimization (-O2), it uses the 'o' condition code which is related to overflow. The code adds two integers and checks if there's an overflow. If not, it returns 0; otherwise, 1. + +The issue arises because either GCC is generating incorrect code or QEMU isn't handling the condition code properly. Without access to real hardware, determining the root cause is tricky. However, since the user suggests that a QEMU patch might fix this, it's possible that the problem lies in how QEMU emulates the overflow condition. + +In the assembly, after adding %r1 and %r3, the code checks bnor (branch if no overflow). If that doesn't happen, it sets the result to 1. But on s390x, the overflow flag might not be set as expected in QEMU, leading to incorrect behavior. + +Since this is about how the emulator handles condition codes during runtime, it's a runtime error specific to QEMU's handling of these instructions. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/633 b/results/classifier/deepseek-r1:32b/reasoning/runtime/633 new file mode 100644 index 000000000..24c38e2ae --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/633 @@ -0,0 +1,17 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's break down the information given. + +The user is encountering an error when running apt update inside a QEMU environment. The error message is "Allocating guest commpage: Operation not permitted." They mention that setting `sysctl vm.mmap_min_addr=53248` fixes the issue, which suggests it's related to memory mappings. + +Looking at the steps, the problem occurs when apt runs gpgv, which in turn tries to use apt-key but fails with that specific error. The user notes that running gpgv directly works, so it's specifically when it's run through apt that the issue arises. + +The key part here is "Allocating guest commpage: Operation not permitted." This seems related to memory management within QEMU. The com-page is a shared memory area used for communication between the guest and host in certain setups. If allocation fails, it's likely due to permissions or security settings preventing the necessary mmap operations. + +The error occurs at runtime when trying to perform a specific operation (allocating commpage), which suggests it's not an issue with instructions being executed incorrectly but rather with how resources are managed during execution. + +Therefore, this bug is related to a system call or resource allocation at runtime. So, the category should be "runtime." +</think> + +The error occurs at runtime when trying to allocate memory (commpage) and fails due to permissions, indicating a runtime issue. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/645662 b/results/classifier/deepseek-r1:32b/reasoning/runtime/645662 new file mode 100644 index 000000000..1af9811fa --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/645662 @@ -0,0 +1,25 @@ +<think> +Okay, I'm trying to classify this bug report from QEMU into one of three categories: instruction, syscall, or runtime. Let's break down the information given. + +The user mentioned that when running regression tests for Python 3.1.2 with QEMU 0.12.5 on a specific Linux setup, some math tests failed. The errors are in test_cmath, test_float, and test_math. + +Looking at the details: + +- In test_cmath, the acos function returns a complex number that's slightly off from the expected value. This suggests an issue with floating-point precision or calculation. +- For test_float, there's a discrepancy between the string representation of a float and its expected value, again pointing to precision issues. +- The test_math failure is multiple errors, but without specific details, it's likely related to similar underlying problems. + +The user also noted that QEMU's x87 emulation handles trigonometric and other complex operations only at 64-bit precision instead of the full 80-bit. This means that when performing calculations, especially those requiring high precision, QEMU is truncating or approximating values more than a native environment would. + +Considering the categories: + +- **Instruction**: This refers to issues with specific CPU instructions being faulty. The problem here isn't about an incorrect instruction but rather how operations are handled. + +- **Syscall**: This involves errors in system calls. The issue described doesn't relate to syscalls; it's more about computation within the emulator. + +- **Runtime**: These are errors that occur during runtime, such as floating-point precision issues or calculation inaccuracies. Since QEMU is not maintaining 80-bit precision for x87 operations, this leads to inaccuracies in math functions, which cause the test failures. + +So, the root cause is a runtime error due to insufficient floating-point precision handling in QEMU's emulation. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/693 b/results/classifier/deepseek-r1:32b/reasoning/runtime/693 new file mode 100644 index 000000000..bd563be77 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/693 @@ -0,0 +1,16 @@ +<think> +Okay, I need to classify this bug report about QEMU's increased memory usage when using TCG. Let me break it down step by step. + +First, the problem is that instances with low memory allocations (like 256MB) are using much more RSS ( Resident Set Size) when running with accel=tcg. This wasn't an issue with older versions of QEMU or when using KVM acceleration instead. + +The user provided steps to reproduce: deploying devstack, starting a Cirros instance with a 256MB flavor, and observing the RSS jump to around 512MB. They expected it to stay under 256MB as it did before. + +Looking at the possible categories: +- Instruction: Faulty instructions in code. +- Syscall: Errors related to system calls. +- Runtime: Other runtime errors. + +This issue is about memory usage behavior during runtime, specifically with TCG acceleration. It's not pointing to a specific instruction error or a syscall problem. Instead, it's how the memory is being managed while the instance runs, which falls under runtime issues. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/695 b/results/classifier/deepseek-r1:32b/reasoning/runtime/695 new file mode 100644 index 000000000..01e3e5f1e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/695 @@ -0,0 +1,11 @@ +<think> +Okay, so I need to classify this bug report about QEMU. The message says "MIPS: nanomips p32 ABI not supported". Hmm, I'm not very familiar with MIPS architecture details, but let's break it down. + +First, MIPS is a type of processor architecture, and nanomips might be a specific variant or extension of it. P32 probably refers to the 32-bit ABI (Application Binary Interface), which defines how software components interact. So the issue here seems to be that QEMU doesn't support this particular combination. + +Now, looking at the categories: instruction, syscall, runtime. The bug report isn't about a specific instruction being faulty or a problem with system calls. It's more about the environment setup within QEMU not supporting a certain ABI configuration. That sounds like it could cause runtime issues because if the ABI isn't supported, programs relying on that might fail during execution. + +So I think this falls under 'runtime' errors since it's an unsupported setup causing problems when running code. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/697 b/results/classifier/deepseek-r1:32b/reasoning/runtime/697 new file mode 100644 index 000000000..896a8647d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/697 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report about QEMU into one of three categories: instruction, syscall, or runtime. The problem described is that when creating a Linux user process, the default CPU type isn't being set before parsing the ELF header for a specific CPU type. + +Hmm, so thinking about what each category entails. Instruction issues relate to faulty commands or code execution errors. Syscall problems involve system calls not working as expected. Runtime errors are broader, covering other issues that occur during program execution. + +In this case, the issue is about setting the CPU type correctly before parsing the ELF header. The ELF header contains information about the binary's architecture, so if QEMU isn't setting the default CPU type first, it might cause problems when handling different architectures or binaries. This seems like a setup or initialization error rather than a specific instruction fault or a problem with system calls. + +So, this issue is more of a runtime problem because it affects how the process runs and interacts with the environment during execution. It's not directly about an instruction being wrong or a syscall failing but about the state before processing which impacts runtime behavior. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/698 b/results/classifier/deepseek-r1:32b/reasoning/runtime/698 new file mode 100644 index 000000000..4bdf116c2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/698 @@ -0,0 +1,11 @@ +<think> +Okay, I'm trying to classify this bug report related to QEMU user-mode emulation. Let me read through the details carefully. + +The issue seems to occur when running a statically-linked ARM executable using qemu-arm-static. The program is trying to read memory via /proc/self/mem but encounters an Input/output error. This happens because, according to the provided maps, the address being accessed isn't mapped correctly on the host system. + +Looking at the mappings, there's a discrepancy between how the guest process expects the memory and how it's actually mapped on the host. The bug arises during runtime when accessing specific memory regions, which suggests that the problem isn't with a specific instruction or a syscall but rather with the way memory is managed or emulated during execution. + +Since the error occurs while reading from /proc/self/mem and involves incorrect address mappings, it's related to how QEMU handles process memory in user-mode emulation. This falls under runtime issues because it's about the program's behavior while executing, specifically how memory access is handled. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/704 b/results/classifier/deepseek-r1:32b/reasoning/runtime/704 new file mode 100644 index 000000000..5c90cdee9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/704 @@ -0,0 +1,13 @@ +<think> +Alright, I need to classify this bug report related to QEMU. The issue mentioned is "misaligned address for type 'struct linux_dirent64'". Let me break this down. + +First, misalignment errors typically occur when data structures are not properly aligned in memory. In programming, especially with C or similar languages, struct members must be aligned correctly according to their types. If they're not, it can cause runtime issues because the CPU expects data at specific alignment boundaries for performance reasons. + +The error message suggests that when accessing a 'struct linux_dirent64', the address isn't properly aligned. This is likely happening during runtime, meaning while the program is executing. So, this isn't an issue with how instructions are being executed or a problem with system calls themselves. + +I'm considering the categories: instruction, syscall, and runtime. Since it's about memory alignment during execution, it doesn't fit into instruction or syscall issues. It must be a runtime error because it occurs while the program is running, specifically when accessing misaligned data structures. + +So, the category for this bug report should be 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/714 b/results/classifier/deepseek-r1:32b/reasoning/runtime/714 new file mode 100644 index 000000000..5056a50eb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/714 @@ -0,0 +1,17 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report about QEMU. The issue is that when using command line arguments with user-space semihosting on an ARM Cortex-M7, the program doesn't receive them correctly. Instead of getting multiple arguments, it only gets argc as 1 and argv[0] shows random or incorrect characters. + +First, I'll read through the problem description again. The user provided a C++ program that prints out argc and each argv element. When they run it with QEMU using command line arguments like "qemu-arm -cpu cortex-m7 ./a.out 123 test", the output shows argc as 1, which is wrong because there are two additional arguments. Similarly, when no extra args are passed, it still gets one argument but with incorrect data. + +The program was compiled with the ARM embedded toolchain for Cortex-M7 and uses rdimon.specs, which I think relates to semihosting support in QEMU. The issue seems specific to how QEMU handles command line arguments in this setup. + +Looking at the possible categories: instruction, syscall, runtime. Instruction would be about faulty CPU instructions, which doesn't seem relevant here. Syscall issues relate to system calls not working as expected. Runtime is for other errors during execution. + +This problem isn't a fault with an instruction or a system call; it's more about how QEMU is handling the command line arguments during runtime when in user-space semihosting mode. The program expects the arguments to be passed correctly, but they aren't, which suggests a runtime issue rather than a syscall failure. + +So I think this falls under 'runtime' because it's an error occurring while the program is executing, specifically related to how QEMU manages the environment and argument passing in semihosted mode. +</think> + +The bug report describes an issue where command-line arguments are not passed correctly during runtime when using user-space semihosting with QEMU. This is a runtime error rather than an instruction or syscall problem. + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/739785 b/results/classifier/deepseek-r1:32b/reasoning/runtime/739785 new file mode 100644 index 000000000..8c5bef186 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/739785 @@ -0,0 +1,31 @@ +<think> +Okay, I'm trying to figure out what's causing the issue when using QEMU-i386 in user mode on my ARM-based Pogo Plug. So, let me go through each step and see where things might be going wrong. + +First, I installed Arch Linux in a VirtualBox VM and created a chroot environment for it using mkarchroot. Then, I transferred this chroot to the Pogo Plug into the /i386 directory. That part seems okay because I can access the chroot. + +Next, I compiled QEMU-i386 statically with some specific configuration options. The make command went through without errors, so the binary should be fine. I placed it in /i386/usr/bin/, which makes sense because that's where userland binaries go. + +I also compiled a Linux kernel version 2.6.38 with binfmt_misc enabled. After installing it, the output from uname -a shows that the kernel is running correctly on the ARM system. So, the kernel part seems to be set up properly. + +In /etc/rc.local, I added commands to load binfmt_misc and register the QEMU-i386 interpreter. The modprobe for binfmt_misc should load the module, and mounting it makes sure it's available. Then, the echo command registers the binary format so that when an x86 executable is run, the kernel knows to use QEMU-i386 as an interpreter. + +I copied ld-linux.so.3 from /lib/ to /i386/lib/. Wait a minute, in Arch Linux, ld-linux.so.3 might be a symlink pointing to a newer version like ld-2.13.so. So I made sure to copy the actual file that the symlink points to into the chroot's lib directory. That should allow the dynamic linker to work inside the chroot. + +When I try to run chroot into /i386 and then attempt to use pacman, I get "bash: fork: Invalid argument". Forking is a system call used by processes to create child processes, so this error suggests that the fork syscall is failing. This could be due to several reasons, like insufficient memory or issues with process management. + +Additionally, when running the test from qemu-linux-user-test-0.3, I get an assertion failure in the dynamic linker. The error message mentions a problem in dl-version.c at line 210, which seems to involve checking map versions. This might indicate that the dynamic linker isn't properly handling something related to shared libraries or their versions. + +Putting this together, it looks like there's a problem with how processes are being managed when running x86 binaries under QEMU in user mode on my ARM system. The fork error suggests an issue at the syscall level, which could be part of the runtime environment setup within QEMU. Maybe the way binfmt_misc is set up or how QEMU-i386 interacts with the kernel isn't quite right. + +Another angle to consider is whether all necessary libraries are correctly placed in the chroot and accessible by QEMU. Missing dependencies or incorrect library versions could cause issues during process creation, leading to fork failures. Also, ensuring that the QEMU binary itself has the correct permissions and can access all required resources inside the chroot is important. + +I might need to check if there's enough memory on the system when running these processes. The Pogo Plug has limited resources, so maybe it's struggling with the overhead of running a chroot environment and QEMU simultaneously. If that's the case, optimizing resource usage or increasing available memory (if possible) could help. + +Looking at the error messages again, both the fork failure and the dynamic linker issue point towards runtime problems. The fork error is a system call that isn't being handled correctly, while the linker issue suggests something went wrong during process initialization within QEMU's environment. It might be a combination of these factors causing the overall problem. + +I should also consider whether there are known issues with running user-mode QEMU on certain kernel versions or architectures. Maybe the specific version I'm using (2.6.38) has some bugs that affect how binfmt_misc works with QEMU-i386. Checking if newer kernels have fixes for similar issues might be worth exploring. + +In summary, the main issue appears to be a runtime error when trying to fork processes within the chroot environment set up using QEMU-i386. This could stem from incorrect setup of binfmt_misc, insufficient system resources, or compatibility problems between the kernel and QEMU in this specific configuration. +</think> + +The problem is classified under the category of `runtime`. \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/754635 b/results/classifier/deepseek-r1:32b/reasoning/runtime/754635 new file mode 100644 index 000000000..bffad0ce0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/754635 @@ -0,0 +1,17 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem carefully to figure out where it's going wrong. + +The user reports that when they run QEMU with the -d in_asm option on a 0.14.0 release, the output about memory sections is incorrect compared to the 0.12.5 version. They provided examples of the logs from both versions and noted discrepancies. + +In the 0.14.0 version, after running the command, the guest address space relocation shows different sections than expected. For instance, in 0.12.5, the sections start at addresses like 08048000, but in 0.14.0, they're starting at lower addresses like 00f38000 and so on. The user identified that the problem lies in exec.c where there's a change in how memory regions are walked. + +They compared the code between the two releases. In 0.12.5, the end calculation was done with a shift of (i << (32 - L1_BITS)) | (j << TARGET_PAGE_BITS), while in 0.14.0, it's using V_L1_SHIFT which is 10 instead of 22 as per 32 - L1_BITS. The user made a patch to adjust the shift by adding TARGET_PAGE_BITS to V_L1_SHIFT. + +So the issue seems to be related to how QEMU calculates or reports memory regions during execution, specifically when using the disassembly option. This affects the debugging output but doesn't seem to crash the program; it's more about incorrect information being logged. + +The problem arises during runtime because the logging happens as part of executing the program in the emulator. It's not a fault in an instruction or a syscall error, but rather how memory is tracked and displayed while running. + +Therefore, this bug falls under the "runtime" category since it's related to errors that occur while the program is running, specifically in handling memory regions. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/796480 b/results/classifier/deepseek-r1:32b/reasoning/runtime/796480 new file mode 100644 index 000000000..64ae56125 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/796480 @@ -0,0 +1,11 @@ +<think> +Alright, so I'm trying to figure out what category this bug falls into. The user provided a detailed description and some code. Let me break it down step by step. + +First, the issue is about QEMU's behavior when running a 64-bit guest binary on a 32-bit host OS. Specifically, memory references are causing problems because addresses that differ in their higher 32 bits are treated as the same address due to lower 32 bits being identical. This leads to incorrect data being loaded. + +The test program allocates a very large array (4GB + 2 bytes) and sets two characters at the start and near the end. When run on QEMU, both positions return 'z' instead of one 'a' and one 'z'. The problem is that the emulator isn't handling the higher bits correctly in the host's 32-bit environment. + +Looking at the possible categories: instruction, syscall, runtime. The issue doesn't seem to be with a specific instruction or a system call error. Instead, it's about how QEMU handles memory addresses during execution, which falls under runtime behavior. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/805 b/results/classifier/deepseek-r1:32b/reasoning/runtime/805 new file mode 100644 index 000000000..fee57864b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/805 @@ -0,0 +1,21 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me think through each step carefully. + +The problem is that when trying to run a 32-bit Hexagon binary on a system that's both 64-bit and 32-bit compatible, QEMU throws an error saying "Error mapping file: Invalid argument." The user provided the steps they took, which involve running the binary using qemu-hexagon. + +First, I'll look at what each category entails. + +1. **Instruction**: This would be if there's a problem with a specific instruction that QEMU is trying to execute. For example, if the Hexagon binary uses an opcode that QEMU doesn't handle correctly, this could fall under this category. However, in this case, the error message isn't about executing instructions; it's about mapping a file. + +2. **Syscall**: This category deals with errors related to system calls. If the Hexagon binary was making syscalls that QEMU couldn't translate or execute properly on the host system, this would fit. But again, the issue here seems more about loading the binary into memory rather than handling syscalls during execution. + +3. **Runtime**: These are other runtime errors that don't fall under instructions or syscalls. The error message mentions mapping a file with an invalid argument. Mapping files is part of the process when executing binaries; QEMU might be trying to load the binary into memory and failing due to some mismatch, perhaps between 32-bit and 64-bit systems. + +So breaking it down: When running a binary, especially a different architecture's binary like Hexagon on x86, the emulator needs to handle loading that binary into its process. The error about mapping suggests there's an issue during this initial phase—maybe QEMU isn't correctly handling the file format or permissions for 32-bit binaries on a 64-bit system. + +Looking at similar issues, like the one from the mailing list, it seems others have encountered problems with file mapping in QEMU when dealing with different architectures. This points more towards a runtime issue because it's about how QEMU is processing the binary before execution can even begin. + +Therefore, this error doesn't stem from executing instructions or handling syscalls but rather from an initial setup problem during runtime when trying to load the program into memory. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/834 b/results/classifier/deepseek-r1:32b/reasoning/runtime/834 new file mode 100644 index 000000000..40a5d33b8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/834 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me break down what's happening here. + +The problem is that when running a program under QEMU, it doesn't catch signals correctly during pselect(). The user provided a test case where they block SIGUSR1 but unmask it during pselect. Without QEMU, sending the signal results in "SIGNAL" being printed, meaning the handler works. But with QEMU, the signal isn't caught even though the pselect is interrupted. + +Looking at the reference from LWN about pselect(), I remember that pselect should properly handle signals that are unmasked during its execution. So when a signal is delivered while in pselect, it should be handled immediately upon return. + +The user's test case shows that without QEMU, this works as expected. But with QEMU, the signal isn't caught. The strace of QEMU confirms the signal is delivered but not processed by the guest program. This suggests that the issue lies within how QEMU handles signals when running the guest OS. + +Now, considering the categories: + +- **Instruction**: This would involve a problem with specific CPU instructions. But the bug here isn't about executing the wrong instruction; it's about handling signals. + +- **Syscall**: The issue is related to system calls like pselect and sigprocmask. However, QEMU emulates syscalls for the guest OS. If QEMU mishandles these syscalls, that could cause problems. But I'm not sure if this is a syscall error per se. + +- **Runtime**: This category covers other runtime issues that aren't instructions or syscalls. Since the problem arises during the execution of the program within QEMU and involves signal handling across the host and guest environments, it seems more like a runtime issue. It might be related to how QEMU schedules signals or interacts with the host's signal delivery mechanisms. + +So, putting this together, the bug isn't directly about an instruction being wrong or a syscall implementation error but rather how QEMU manages the runtime environment, specifically signal handling during system calls. Therefore, it falls under the 'runtime' category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/856 b/results/classifier/deepseek-r1:32b/reasoning/runtime/856 new file mode 100644 index 000000000..200a84ebd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/856 @@ -0,0 +1,15 @@ +<think> +Alright, let's try to figure out how to classify this bug report. The problem occurs when running a threadcount test on QEMU using the sh4-linux-user target. From the provided information, it seems that the system is deadlocking occasionally. + +Looking at the steps to reproduce, they involve building and running QEMU with specific configurations, including some sanitization flags. When the test runs, sometimes it hangs, which means something's causing the program to stop responding or get stuck. + +The backtrace from GDB shows threads waiting on futex operations. Futexes are used for synchronization between threads, so this points towards issues in thread management or synchronization within QEMU. The main thread (thread 1) is in a safe_syscall_base function, which suggests it's handling some system call safely, but it's stuck there. + +Thread 2 is inside the qemu_futex_wait function, waiting on an RCU (Read-Copy-Update) event. This indicates that the RCU mechanism might not be properly releasing or signaling, causing a deadlock. Thread 3 is also in safe_syscall_base but with different arguments, showing another thread stuck in a similar situation. + +Considering all this, the issue seems related to how QEMU handles system calls and thread synchronization, particularly around futex operations used by RCU. Since RCU relies on proper memory management and timely completion of grace periods, any miscommunication here could lead to deadlocks. + +The problem doesn't appear to be a faulty instruction or an error directly in the syscall implementation but rather how these syscalls are being handled in a multithreaded environment during runtime. Therefore, this falls under runtime errors because it's about how QEMU operates and manages threads at runtime. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/866 b/results/classifier/deepseek-r1:32b/reasoning/runtime/866 new file mode 100644 index 000000000..0262ed60a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/866 @@ -0,0 +1,23 @@ +<think> +Okay, I'm trying to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me go through each part carefully. + +The problem is about a memory leak happening when creating and destroying threads in a simple C program running on qemu-arm. The user provided steps to reproduce it using QEMU with an ARM toolchain. + +First, looking at the code: It's creating and joining threads in a loop. The assert statements are checking if pthread_create and pthread_join succeed, ensuring that each thread returns correctly. + +The symptoms show that memory usage keeps increasing until the process crashes due to out-of-memory. This suggests that each iteration is leaving some memory allocated or not properly deallocated, leading to a leak. + +Now, considering the categories: + +1. **Instruction**: This would involve an issue with specific CPU instructions causing problems. But in this case, the problem seems related to thread management and memory allocation, which isn't directly tied to a particular instruction. + +2. **Syscall**: Errors involving system calls could be a possibility. pthread_create and pthread_join are syscalls. If there was an error in how QEMU handles these syscalls, it might cause issues like leaks. However, the user didn't mention any specific syscall errors; instead, the issue is about resource management over time. + +3. **Runtime**: This category deals with runtime errors, which could include memory management issues. The continuous increase in memory usage points to a resource leak that isn't being handled properly during thread creation and destruction. Since each thread should be cleaned up after joining, but it's not happening, this is likely a runtime issue. + +Valgrind logs were mentioned, but without seeing them, I can only assume they point towards memory leaks rather than specific instruction or syscall errors. + +So, the bug seems to stem from improper handling of resources (like threads) during runtime in QEMU. It's about how memory and thread-related resources are managed as the program runs. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/886621 b/results/classifier/deepseek-r1:32b/reasoning/runtime/886621 new file mode 100644 index 000000000..26eda9c45 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/886621 @@ -0,0 +1,25 @@ +<think> +Okay, so I'm trying to figure out how to classify this given bug report as part of QEMU. The user has provided some system information and memory details, but it's not immediately clear what the issue is. Let me go through each step carefully. + +First, looking at the system information: It's a MacBook Pro with an Intel Core i7 processor, 8 GB RAM, AMD Radeon HD 6750M graphics, and an Intel HD Graphics 3000. The memory modules are both 4GB DDR3, which seems fine. There's also some USB devices listed, like the FaceTime camera, a keyboard/trackpad, and an external hard drive. + +Next, looking at the VM region summary: It shows that there's about 144.3 MB of read-only library sections, with most of them resident in memory. The writable regions are around 185.9 MB, but only a small portion is written to. The stack is using 66.5 MB, which might be relevant if the issue is stack-related. + +The external modification summary mentions task_for_pid calls, both from other processes and on the machine as a whole. There were two task_for_pid calls targeting this process, which could indicate some interaction or monitoring happening externally. + +Now, considering that the bug report is part of QEMU, I should think about common issues in virtualization environments. Since the user hasn't provided specific error messages from QEMU itself, but rather system details and memory usage, it's a bit tricky. + +I need to categorize this into one of three categories: instruction, syscall, or runtime. + +- Instruction errors would involve a specific faulty instruction causing the issue. +- Syscall issues relate to problems with system calls made by QEMU. +- Runtime errors are other runtime-related problems not covered by the first two. + +Looking at the provided information, there's no mention of a specific instruction failing or a syscall error. The details given are more about memory usage and system configuration. Since the user is asking for classification based on this data, which doesn't point to an explicit instruction or syscall problem, it seems like the issue would fall under 'runtime' errors. + +Runtime errors can encompass a broad range of issues that occur during execution, such as memory management problems, resource allocation failures, or other unexpected behaviors. Given the system's configuration and the task_for_pid calls, it might be related to how QEMU is managing processes or memory during runtime. + +Therefore, without specific evidence pointing to an instruction or syscall issue, the most appropriate category would be 'runtime'. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/909 b/results/classifier/deepseek-r1:32b/reasoning/runtime/909 new file mode 100644 index 000000000..e263d1bc9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/909 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm looking at this bug report about QEMU failing to execute recently built n32 binaries in user mode. The problem is that when trying to chroot into an N32 installation, there's an error with loading shared libraries. Specifically, it says /lib32/libc.so.6 can't be read, but the user mentions that bash, libc, and QEMU all exist and have the proper ABI. + +First, I need to classify this bug under one of the given categories: instruction, syscall, or runtime. Let me think about each category. + +- **Instruction**: This would involve issues with how specific CPU instructions are handled by QEMU. If there was a problem with an opcode or some assembly-level operation not being emulated correctly, that would fall here. + +- **Syscall**: This relates to system calls made by the guest OS or applications interacting incorrectly with the host environment. For example, if certain syscalls were returning incorrect results or causing issues. + +- **Runtime**: Any other runtime errors that don't fit into instruction or syscall categories. This could include issues like memory management problems, process creation failures, etc. + +In this case, the error is about loading shared libraries. That points more towards how QEMU handles dynamic linking or perhaps binary format support. The note mentions that issue 843 was related to binfmt-misc magic for n32 needing fixing, which suggests a problem with how the kernel identifies and runs binaries of a certain type. + +Since the problem is about executing binaries in user mode and it's specifically mentioning shared libraries not being loaded correctly, this likely involves how QEMU sets up the environment for running these binaries. It might be an issue with the way QEMU is handling the emulation of loading shared libraries or perhaps some misconfiguration in the chroot setup. + +But considering the initial error message and the context about binfmt-misc, it seems like a problem that occurs during runtime when trying to execute the binary. The system isn't able to read the library because maybe the file format isn't recognized correctly, which could tie into how QEMU is emulating the execution environment. + +So putting it all together, this issue doesn't seem to be about specific instructions or syscalls failing but more about the runtime environment setup when executing N32 binaries. Therefore, it would fall under the **runtime** category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/922 b/results/classifier/deepseek-r1:32b/reasoning/runtime/922 new file mode 100644 index 000000000..d1094fdad --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/922 @@ -0,0 +1,23 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report for QEMU. The user is experiencing random segmentation faults when running `grep` using `qemu-arm-static`. Let me break down the details provided. + +First, the issue occurs when they run a loop that executes `/qemu /bin/grep -E f text > /dev/null`. Sometimes it happens quickly, other times after several thousand iterations. The problem is present in QEMU versions 7.0.0-rc0, 6.2, 5.2, and 5.1 but not in 5.0. They've provided a test environment which includes building a Docker container and running an ARM bash shell. + +The error they get is a segmentation fault, which typically indicates a memory access issue—like accessing invalid memory addresses or dereferencing null pointers. Since this happens when executing `grep`, it's likely related to how QEMU emulates the execution of this ARM binary on an x86_64 host. + +Now, looking at the possible categories: + +- **instruction**: This would be if there was a faulty instruction being executed by QEMU that causes the issue. For example, a specific CPU instruction causing a problem. + +- **syscall**: This relates to errors when handling system calls. If `grep` is making a syscall that QEMU isn't handling correctly, this could cause issues. + +- **runtime**: This covers other runtime errors not necessarily tied to instructions or syscalls, like memory management problems or bugs in the emulation logic. + +In this case, since the segmentation fault occurs during the execution of an ARM binary (specifically `grep`), it's more likely related to how QEMU handles the binary's execution rather than a specific instruction or syscall. It could be an issue with how memory is being managed in the emulator, leading to incorrect access patterns that cause the segfault. + +Considering that this started happening from version 5.1 onwards but didn't occur in 5.0, it suggests a regression introduced in a newer version of QEMU. This might point towards changes in the emulation logic or memory handling between versions. + +Therefore, I think the most appropriate category is **runtime**, as it's an issue that arises during the execution (runtime) of the emulated program within QEMU. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/939 b/results/classifier/deepseek-r1:32b/reasoning/runtime/939 new file mode 100644 index 000000000..80161281e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/939 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me read through the problem description and see what's going on. + +The user is using QEMU-MIPSn32el emulator in user mode and encountering issues where memory-intensive programs like tar and gcc are segfaulting. They noticed that this happens when memory beyond 2GB is allocated, which makes sense because MIPS N32 uses only 31 bits of a pointer. So pointers can't address more than about 2GB of memory. + +They wrote a test program to allocate chunks of memory in a loop and found that it segfaults after around 52 allocations on the N32 setup, but works correctly up to a point where malloc fails on the O32 setup. The error message from QEMU mentions an unhandled CPU exception and an assertion failure related to the current CPU. + +Now, looking at the categories: + +1. **Instruction**: This would involve issues with specific machine instructions causing problems. But here, it's more about memory allocation and pointers beyond a limit, not a faulty instruction per se. + +2. **Syscall**: Errors involving system calls. The problem seems related to memory management rather than system call handling. The segfaults aren't directly tied to a syscall failure but to pointer overflows. + +3. **Runtime**: This category covers other runtime errors that don't fall into instructions or syscalls. Memory allocation issues, especially when dealing with pointers beyond the 2GB limit, would cause segfaults during execution. The fact that it's happening in user mode and causing exceptions seems like a runtime issue because it's about how the program runs within the emulator. + +So, putting it all together, this bug is about the emulator incorrectly handling memory allocations beyond certain limits, leading to runtime errors rather than issues with instructions or syscalls. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/947 b/results/classifier/deepseek-r1:32b/reasoning/runtime/947 new file mode 100644 index 000000000..586a63ecb --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/947 @@ -0,0 +1,15 @@ +<think> +Okay, I need to classify this bug report under one of three categories: instruction, syscall, or runtime. Let's read through the problem description carefully. + +The issue is a segmentation fault occurring in the TCG thread when calling a helper function. The problem happens because the generated code doesn't correctly load the upper 32 bits of the address for lookup_tb_ptr before branching to it. According to LLDB, the program tries to access an incorrect address (0x1cffe060) instead of the correct one (0x7ff71cffe060). + +The user points out that in the TCG code generation file (tcg-target.c.inc), there's a specific line causing this issue. The problematic code is `t2 = t1 & ~(0xffffUL << s1);`. They suggest changing it to use `ULL` instead of `UL`, which would correctly handle 64-bit operations. + +This seems like an error in how the instructions are generated, specifically with handling addresses on a 64-bit system. The incorrect mask (using UL instead of ULL) leads to truncation, causing the wrong address being accessed, hence the segmentation fault. + +Since the problem arises from how the code is generated and executed at runtime, particularly due to an incorrect instruction or operation in the TCG-generated code, this falls under a runtime error. The bug isn't related to a system call (syscall) issue nor is it about a faulty machine instruction per se but rather an error in the compiled code's handling of addresses. + +So, categorizing this as 'runtime' makes sense because it's an error that occurs during execution due to incorrect address handling in generated code. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/95 b/results/classifier/deepseek-r1:32b/reasoning/runtime/95 new file mode 100644 index 000000000..6838f6afa --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/95 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU. The issue is about the Linux user mode not handling when a guest sets a very small RLIMIT_AS. This causes certain programs like gnutls28 and coreutils configure checks to hang. + +First, I need to understand what's going on here. RLIMIT_AS refers to the address space limit in Linux. Setting it too low can cause issues if the process doesn't handle it correctly. In this case, when a guest (a virtual machine running under QEMU) sets a very small RLIMIT_AS, the host's user mode is having trouble handling that setting. + +The symptoms mentioned are that gnutls28 and coreutils configure checks hang. That suggests there's some kind of runtime error happening because these programs can't proceed normally when their address space is restricted too much by QEMU's user mode. + +Now, looking at the categories: instruction, syscall, or runtime. + +- Instruction issues involve problems with specific instructions being executed incorrectly. +- Syscall errors are about system calls not working as expected, possibly returning incorrect results or causing crashes. +- Runtime errors cover other issues that occur while the program is running, such as hangs, memory leaks, etc. + +In this case, the problem isn't directly about a faulty instruction or a specific syscall failing. Instead, it's more about how QEMU's user mode handles resource limits during runtime, leading to hangs in certain applications. Therefore, it falls under runtime errors because it's an issue that occurs while the program is running, specifically when handling RLIMIT_AS. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/runtime/967 b/results/classifier/deepseek-r1:32b/reasoning/runtime/967 new file mode 100644 index 000000000..35bec5d79 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/runtime/967 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report related to QEMU. The user provided some memory mappings from a process using QEMU, but there's no clear description of what the actual issue is. They mentioned that they installed qemu-user via apt on Ubuntu and included compiler and libc versions. + +Looking at the possible categories: instruction, syscall, runtime. Without more details about the specific problem—like an error message or symptoms—it's hard to pin it down. The memory mappings show various libraries loaded, but nothing jumps out as obviously wrong without context. + +If this were a faulty instruction, I'd expect something like an illegal opcode or exception during execution. For a syscall issue, there might be problems with system calls failing or returning errors. Since neither is mentioned, maybe the bug falls under runtime issues, which cover other runtime problems not fitting into the first two categories. + +So, considering the lack of specific information pointing to instruction or syscall issues, I'll go with runtime as the category. +</think> + +runtime \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1007 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1007 new file mode 100644 index 000000000..e77c37fae --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1007 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU adding execveat syscall support. The categories given are instruction, syscall, and runtime. Let me break it down step by step. + +First, the term "execveat" stands out. I know that in Linux systems, execve is a system call used to execute a program. The 'at' suffix suggests it's using file descriptors, like how openat works. So execveat must be a variant of execve that uses a directory file descriptor for the path resolution. + +Now, looking at the bug report: "qemu-user: add execveat syscall support." This means that QEMU's user mode emulation is missing support for this particular system call. So, when an application running under QEMU tries to use execveat, it won't work because QEMU doesn't handle it yet. + +So, the issue here is about a missing system call implementation in QEMU. That points directly towards the syscall category. The other categories don't seem to fit as well. Instruction issues would relate to specific CPU instructions not being handled correctly, which isn't the case here. Runtime errors are more about crashes or unexpected behavior during execution, but this is specifically about a missing feature related to system calls. + +Therefore, I'm pretty confident that this bug falls under the syscall category because it's about adding support for a particular system call in QEMU. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1012 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1012 new file mode 100644 index 000000000..2ec701f07 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1012 @@ -0,0 +1,19 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me read through the problem description and the provided information carefully. + +The issue is about here-documents in bash producing an ENOENT error after updating gnulib and coreutils. The user's script uses `cat <<EOF` which should redirect from a here-document to stdin for cat. But instead, it's failing with "No such file or directory". + +Looking at the strace outputs: + +In the updated system, the process calls newfstatat on fd 0 (which is connected to a deleted tmp file), resulting in ENOENT. The error message from cat indicates that it can't find the file '-'. + +In contrast, the old system uses fstat and successfully reads from the same tmp file without errors. + +The key difference seems to be the use of newfstatat versus fstat. From my understanding, newfstatat is a more modern syscall that allows specifying flags like AT_EMPTY_PATH. It might behave differently in how it handles certain paths or file descriptors compared to fstat. + +Since the problem arises from a change in system calls (from fstat to newfstatat), which leads to different behavior and an error, this seems related to how the kernel or system calls are handling the situation. The ENOENT occurs because newfstatat can't find the file descriptor as expected, possibly due to changes in how it's implemented. + +So, this issue is about a discrepancy between two syscalls (fstat and newfstatat) leading to an error in functionality. Therefore, it falls under a syscall-related problem. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1076445 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1076445 new file mode 100644 index 000000000..1fb7d1f59 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1076445 @@ -0,0 +1,19 @@ +<think> +Okay, I need to figure out what's going on here. The user provided a bug report about QEMU failing when running a simple C program that uses the system() function. They mentioned it happens with i386 and x86_64 toolchains from Buildroot but works fine with ARM and MIPS. + +First, I'll look at the code they provided. The program is straightforward: it calls system("echo hello") and prints the return value. On x86 targets, QEMU outputs -1, which indicates an error, while on other architectures, it correctly displays "hello" and 0. + +The possible categories are instruction, syscall, or runtime. Let's break this down. + +If it were an instruction issue, there might be a problem with how the program is compiled or specific CPU instructions causing QEMU to fail. But since it works for ARM and MIPS but not x86, that suggests it's more about how system calls are handled rather than specific instructions. + +Next, considering syscalls: the system() function internally uses fork(), execve(), and waitpid(). Maybe one of these syscalls isn't properly emulated in QEMU for x86 targets. I know that different architectures might have variations in how certain syscalls are implemented or called. + +The fact that it works on ARM and MIPS but not x86 points towards an issue with the syscall handling specific to x86 in QEMU. Perhaps there's a missing implementation or incorrect handling of these syscalls in the i386 and x86_64 targets within QEMU. + +So, putting this together, it seems like the problem lies with how system calls are being handled by QEMU for x86 architectures when using the cross-toolchain. Therefore, the category should be syscall. +</think> + +The issue is related to the handling of syscalls in QEMU for x86 architectures when running programs that use the system() function. This suggests a problem with the emulation of certain system calls (like fork(), execve(), and waitpid()) specific to i386 and x86_64 targets. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1111 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1111 new file mode 100644 index 000000000..9013816ae --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1111 @@ -0,0 +1,23 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let's go through each step carefully. + +First, looking at the problem description, the user is running "perf bench futex lock-pi" in an amd64 Docker image on an s390x host. The error they're encountering is ENOSYS, which means the system call isn't implemented. + +The specific error message mentions that the function FUTEX_LOCK_PI isn't supported. This suggests that when the code attempts to make a syscall with this particular operation, it's failing because the kernel doesn't recognize or support it. + +Looking at the steps provided, the user points out that the syscall(SYS_futex, ...) is causing the issue. They are using the FUTEX_LOCK_PI flag in their system call. The fact that this results in an ENOSYS error indicates a problem with the syscall itself—specifically, that the system doesn't recognize this operation. + +Now, considering the categories: + +1. **Instruction**: This would relate to specific CPU instructions causing issues. Since the error is about a system call not being implemented, it's more about how the kernel handles syscalls rather than individual CPU operations. + +2. **Syscall**: This category fits because the problem arises from a specific system call (futex) with certain parameters leading to an ENOSYS error. The issue isn't with runtime execution in general but with the syscall not being supported as expected. + +3. **Runtime**: Runtime errors are broader, such as crashes or unexpected behavior during program execution. Here, it's specifically a missing syscall implementation. + +So, the bug is related to the system call FUTEX_LOCK_PI not being implemented on s390x when running an amd64 Docker container. This falls under the "syscall" category because it's about the syscall failing due to lack of support. +</think> + +The issue arises from a system call (futex with FUTEX_LOCK_PI) not being implemented, leading to an ENOSYS error. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/121 b/results/classifier/deepseek-r1:32b/reasoning/syscall/121 new file mode 100644 index 000000000..445342355 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/121 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about a multiprocess program getting incorrect results when using qemu arm-linux-user. The categories available are instruction, syscall, and runtime. + +First, I'll think about what each category means. The instruction category would involve issues with specific CPU instructions not working correctly. Syscall would relate to problems with system calls, like open, read, write, etc., either in the kernel or how they're handled by QEMU. Runtime errors are more general and could include issues that happen during program execution but aren't necessarily tied to a specific instruction or syscall. + +Now, looking at the bug report: it's about a multiprocess program giving incorrect results when run under QEMU's arm-linux-user emulator. Multiprocessing implies that the program uses multiple processes, which means it might be using system calls related to process management, like fork, exec, waitpid, etc. If these syscalls aren't handled properly by QEMU, it could cause incorrect behavior in the program. + +Alternatively, if the problem is with how QEMU emulates certain instructions that are crucial for multiprocessing (like synchronization primitives or memory management), it might fall under instruction issues. But more likely, since it's about process interaction, it would involve syscalls like those managing processes and inter-process communication. + +So, considering all this, I think the issue is probably related to how system calls are being handled in QEMU, leading to incorrect results when multiple processes interact. Therefore, the category would be syscall. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1238 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1238 new file mode 100644 index 000000000..0c21078ec --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1238 @@ -0,0 +1,13 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me go through it step by step. + +The problem occurs when using qemu-mipsn32 and qemu-mipsn32el with coreutils-9*. The error message mentions issues during `make install`, specifically an error deallocating a file with 'Invalid argument'. + +Looking at the strace output, several system calls are involved. For example, there's an fadvise64 call that returns -1 with errno=22 (Invalid argument). Similarly, fallocate also fails with the same error code. + +The user suspects this is related to coreutils-9 and possibly issues with fadvise64 or fallocate. These are both system calls, so the problem seems to be in how these syscalls are handled by qemu for the n32 architecture on ext4 filesystems. + +So, the issue arises during a system call execution within the QEMU environment. Therefore, it's likely related to how QEMU handles these particular syscalls. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1261 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1261 new file mode 100644 index 000000000..76af0eabc --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1261 @@ -0,0 +1,11 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let's see what the problem is about. + +The user reported an issue with QEMU on the LoongArch64 architecture where the faccessat2 syscall isn't implemented. The test script checks if a file is readable using [[ -r ]], which in turn uses the faccessat2 system call. However, since QEMU doesn't handle this syscall, it results in an error. + +Looking at the log, there's an "Unknown syscall 439" message. Syscall 439 corresponds to faccessat2 on LoongArch64. So the problem is that QEMU's user mode emulation doesn't support this specific system call yet. + +The bug isn't about a faulty instruction or something runtime-related but directly points out a missing system call implementation in the emulator. Therefore, the category should be 'syscall'. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1319100 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1319100 new file mode 100644 index 000000000..b977713d8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1319100 @@ -0,0 +1,17 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report about QEMU's signal handling causing Mono and Java to hang. Let me read through the problem again. + +The issue occurs when running Mono inside a chroot environment using qemu-user-static. It seems that certain signals used during termination aren't handled properly by QEMU, leading to hangs. The user provided a reproduction scenario where they use debootstrap to set up an armel chroot, install qemu-arm-static, and then run Mono in the chroot. When they do this, it blocks on a futex call. + +They also mention that when running Mono natively with strace, signals like SIGPWR are used between threads during termination. But under QEMU, these signals aren't being handled correctly, causing hangs. This affects not just direct Mono usage but also package installations that rely on Mono scripts in postinst. + +The user found an openSUSE patch that addresses this issue by working around a SA_RESTART race condition in the signal handling of QEMU. They applied this patch to their version of QEMU and it resolved the problem, indicating that the bug is likely not specific to Debian but exists upstream in QEMU itself. + +Looking at the categories provided: instruction, syscall, runtime. The problem seems related to how QEMU handles signals during process termination. Since signals are part of the operating system's interrupt mechanism, handling them involves syscalls and the way the kernel interacts with user-space processes. + +In this case, the issue is that certain signals aren't being correctly routed or handled within the chroot environment under QEMU. This causes the application (Mono) to hang because it's waiting on a signal that doesn't arrive as expected. The problem isn't an incorrect instruction in the code but rather how the system calls related to signaling are managed. + +So, the bug is about how QEMU interacts with system calls involving signals. Therefore, the category should be 'syscall' because it's an error occurring during the handling of these syscalls related to signal management. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1356916 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1356916 new file mode 100644 index 000000000..0b754095b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1356916 @@ -0,0 +1,14 @@ +<think> +Alright, I need to classify this bug report under one of the given categories: instruction, syscall, or runtime. + +The problem described is that when running a command inside QEMU, such as `/bin/true $(yes | head -n 100000)`, it fails with "Argument list too long," even though modern kernels don't have a fixed argv/environ limit anymore. The issue is specifically with the user-space emulation in QEMU still using a fixed limit. + +Looking at the possible categories: +- **Instruction**: This would involve an incorrect CPU instruction or something related to executing code, which doesn't seem to be the case here. +- **Syscall**: This relates to errors when making system calls. The issue arises during `execve`, which is a syscall. The emulation in QEMU isn't handling large argument lists correctly when making this call, causing it to fail. +- **Runtime**: Errors that occur during runtime but aren't directly tied to syscalls or instructions. + +The problem occurs during the execution of a system call (`execve`) due to limitations in how QEMU emulates the environment. Therefore, the issue falls under the syscall category. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1457275 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1457275 new file mode 100644 index 000000000..57910158e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1457275 @@ -0,0 +1,21 @@ +<think> +Alright, I need to classify this bug report from QEMU into one of three categories: instruction, syscall, or runtime. Let me go through the information provided step by step. + +First, looking at the output, it's a series of syscalls being made by QEMU. Each line starts with something like "mmap" or "munmap," which are system calls used for memory management. The parameters include addresses and flags like PROT_READ, PROT_WRITE, etc. + +I notice that these syscalls are related to mapping and unmapping large chunks of memory (4143972352 bytes each time). The addresses being mapped start from 0x1000 and go up incrementally. This pattern suggests that QEMU is trying to allocate a lot of virtual memory. + +Now, considering the categories: + +- **Instruction**: This would involve issues with specific CPU instructions or assembly code. There's no mention here of any instruction-level problems. + +- **Syscall**: The output clearly shows a sequence of syscalls (mmap and munmap) that are failing or behaving unexpectedly. QEMU is trying to map memory regions, but each mmap call fails, possibly due to lack of available memory or other resource constraints. + +- **Runtime**: This category covers other runtime errors not related to instructions or syscalls. Since the issue seems tied to system calls related to memory management, it's more specific than a general runtime error. + +Given that the problem revolves around repeated failures in mmap and munmap syscalls, the most appropriate category is "syscall." +</think> + +The bug report involves issues with system calls (mmap and munmap) failing repeatedly, indicating an error during memory management. + +Answer: syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1462640 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1462640 new file mode 100644 index 000000000..fd2e810f4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1462640 @@ -0,0 +1,20 @@ +<think> +Okay, I need to classify this bug report as either an instruction, syscall, or runtime issue within QEMU. Let me go through it step by step. + +The user is running a 32-bit MIPS program on a 64-bit x86 host using QEMU. The problem occurs when the program calls `shmat()`, which fails. They provided a small test case where compiling the code as 32-bit (using `-m32`) causes `shmat()` to fail with a pointer of -1, while compiling as 64-bit works fine. + +From their explanation, QEMU uses `mmap` with the `MAP_PRIVATE` flag when reserving memory for a 32-bit guest. However, `shmat()` requires using `MAP_SHARED`. This mismatch causes the failure because `shmat()` can't modify the existing mapping from private to shared. + +The issue seems related to how QEMU handles memory mappings for different architectures and how system calls interact with those mappings. Specifically, it's about how the `mmap` flags are set and whether they allow subsequent `shmat()` calls to succeed. + +Looking at the possible categories: +- **Instruction**: This refers to an incorrect instruction being executed. The problem here isn't due to a specific CPU instruction but rather system call handling. +- **Syscall**: This involves errors with system calls. Since `shmat()` is a syscall that fails, and it's related to how QEMU manages the memory mappings, this seems relevant. +- **Runtime**: General runtime issues not tied directly to instructions or syscalls. + +The core issue is that the `mmap` flags set by QEMU conflict with what `shmat()` expects. Therefore, the problem arises during system call handling within the guest environment provided by QEMU. This makes it a syscall-related bug because it's about how the syscall interacts with memory management in QEMU. +</think> + +The issue is related to how QEMU handles system calls involving memory mappings and their flags. Specifically, `shmat()` fails due to incompatible `mmap` settings. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1470170 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1470170 new file mode 100644 index 000000000..0b6475233 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1470170 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out what category this bug report falls into. The user mentioned that when they run QEMU in user mode for ARM, they're encountering unsupported syscalls 370 and 355. These issues are causing problems with systemd or a similar package. + +First, I'll break down the information given. The error messages clearly state "Unsupported syscall: 370" and "Unsupported syscall: 355". Syscalls are system calls made by userland programs to the kernel, so when QEMU reports these as unsupported, it suggests that QEMU doesn't have implementations for these particular syscalls in its ARM emulation. + +Looking at the possible categories provided: instruction, syscall, runtime. The problem here isn't about a faulty instruction or something wrong during runtime execution; it's specifically about missing system call handlers. So this seems directly related to syscalls not being supported in QEMU's user mode for ARM. + +I think the category should be 'syscall' because the issue revolves around the inability of QEMU to handle certain syscalls required by the system (like systemd) when running in an ARM environment. The errors are not about incorrect instructions or runtime exceptions but rather missing support for specific syscalls. +</think> + +The bug report involves QEMU failing to support certain system calls, specifically 370 and 355, which are necessary for proper operation of the system under emulation. + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1494 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1494 new file mode 100644 index 000000000..ebf8a61e8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1494 @@ -0,0 +1,21 @@ +<think> +Okay, so I need to figure out how to classify this bug report related to QEMU. The user provided two core dumps and some GDB outputs. Let me look through the information step by step. + +First, looking at the initial bug report from the terminal output. It mentions a coredump with PID 509058, which is a 'make' process. The signal was SIGSEGV (segmentation fault). In the GDB session, it showed that the program terminated due to a segmentation fault and pointed to sigsuspend() as the point of failure. + +Then, looking at another coredump with PID 509058 again, same user and command line. The GDB output indicated the core was generated by a 'make' process running under QEMU, and it showed that the signal was SIGSEGV, pointing to sigsuspend() as well. + +Now, considering the possible categories: instruction, syscall, or runtime. + +In both cases, the crash is due to a segmentation fault during execution of sigsuspend(). Segmentation faults are typically memory access errors—like accessing an invalid pointer or memory not properly allocated. Since it's happening in a system call (sigsuspend), which is part of the kernel's interface, it might relate to how QEMU handles syscalls. + +But wait, sigsuspend is used to wait for signals with a signal mask. If this is causing a segmentation fault, maybe there's an issue in how QEMU emulates this syscall or how it interacts with the host system's signal handling. Alternatively, perhaps it's a runtime error where some memory isn't being managed correctly during the execution of this syscall. + +Looking at the other core dump, the first one had a SIGSEGV and pointed to sigsuspend(), while another had SIGSEGV but different details. The user provided two links for core dumps, but I can't access them directly. However, from the GDB outputs, both point towards issues during system calls or in runtime handling. + +Since the problem occurs within a syscall (sigsuspend) and results in a segmentation fault, which is an error when accessing memory, it's likely related to how QEMU handles this specific syscall. Therefore, the category should be 'syscall' because the issue arises during the execution of a system call. +</think> + +The bug report indicates that the segmentation fault occurs within the `sigsuspend` system call. This suggests that the issue is related to how QEMU interacts with or emulates this particular syscall. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1516408 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1516408 new file mode 100644 index 000000000..0778e87b4 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1516408 @@ -0,0 +1,14 @@ +<think> +Okay, let's see. The user provided a bug report where QEMU is throwing an error about an unsupported syscall 186 when installing Python3.4 in an sh4 chroot. They mention that syscall 186 corresponds to sigaltstack and that it's not implemented for the sh4 target. + +The categories given are instruction, syscall, or runtime. Since the issue revolves around a specific system call (sigaltstack) not being supported on the sh4 architecture in QEMU, this falls under the 'syscall' category. The problem isn't an incorrect instruction execution or another runtime error; it's specifically about handling a particular syscall. + +So, the classification should be 'syscall'. +</think> + +The bug report is related to an unsupported system call (sigaltstack) on the sh4 architecture in QEMU, which directly pertains to a missing or unimplemented system call. + +sysyem +**syscall** + +# Answer: syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1563612 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1563612 new file mode 100644 index 000000000..1ef02c733 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1563612 @@ -0,0 +1,21 @@ +<think> +Alright, let's try to figure out what category this bug falls into. The user reported that when running their test application using PulseAudio under QEMU (both i386 and x86_64), it crashes with a segmentation fault. They mentioned compiling PulseAudio in debug mode led to an assertion failure in pa_mutex_unlock, which suggests something's wrong with the mutex handling. + +First, I'll consider what each category entails: + +1. **Instruction**: This would involve issues with specific CPU instructions causing problems. +2. **Syscall**: Issues related to system calls not being handled correctly by QEMU or the guest OS. +3. **Runtime**: Other runtime errors that don't fall into instructions or syscalls. + +The problem here involves PulseAudio, which uses threads and mutexes for synchronization. The assertion failure in pa_mutex_unlock points towards a threading issue. Since this is happening within PulseAudio's own code when run under QEMU, it might be related to how QEMU handles certain system calls or thread-related functions. + +Futex (Fast Userspace Mutex) is a Linux syscall used for efficient mutex operations. If PulseAudio is crashing with an assertion in pa_mutex_unlock, perhaps the futex syscalls aren't being handled correctly by QEMU when running in user-mode emulation. This could mean that QEMU isn't properly emulating the futex syscalls, leading to incorrect behavior in multi-threaded applications. + +Looking at the test case, it's a simple PulseAudio application that initializes and plays some audio. The crash under QEMU suggests an environment-specific issue rather than a problem with the application itself since it runs fine natively. + +Considering all this, the bug is likely related to how QEMU handles certain syscalls, particularly those involved in threading or synchronization like futex. Therefore, the category should be **syscall** because it's about system call handling leading to the crash. +</think> + +The issue stems from PulseAudio encountering a problem during runtime when executed under QEMU, specifically with futex-related syscalls which are crucial for thread synchronization. This points towards an error in how these system calls are handled by QEMU. + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1585840 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1585840 new file mode 100644 index 000000000..67cac7331 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1585840 @@ -0,0 +1,33 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report. Let's read through it again and see what the issue is about. + +So, there's a program that can run either using threads or multiple processes. By default, it uses threads, but if you pass "process" as an argument, it switches to multiprocess mode. The success condition is that both tasks end up seeing a final count of 2000000. + +The user reports that when running on standard Linux x86_64 and armhf userspaces (both with 4 cores), the program works correctly in both modes. However, when using qemu's arm-linux-user emulator, it succeeds in threaded mode but fails in multiprocess mode. + +They mention that this reflects how the linuxcnc project uses shared memory regions for IPC, which involves shmat and possibly mmap. The problem seems to be that their testsuite is failing with deadlocks and other issues under qemu-user when running on an x86_64 host, but passes on real hardware. + +The user observed the issue in multiple versions of QEMU, including v1.6.0, master (v2.6.0-...), and an outdated Debian package. + +Now, I need to classify this bug under one of the given categories: instruction, syscall, or runtime. + +Let me think about each category: + +- Instruction: This would involve a problem with how instructions are executed in QEMU. For example, if certain ARM instructions aren't emulated correctly, leading to incorrect behavior. +- Syscall: This relates to system calls not being handled properly by QEMU's user-mode emulation. If the program is relying on specific syscalls for IPC or shared memory that aren't implemented correctly, it could cause issues. +- Runtime: Other runtime errors, which might involve things like timing issues, concurrency problems during execution, etc. + +The issue here seems to be related to how multiple processes interact in QEMU's user-mode environment. Since the problem occurs only when using multiple processes and not threads, it suggests that there's an issue with inter-process communication (IPC) mechanisms under emulation. + +In multiprocess mode, each process runs separately but shares memory regions via shmat or mmap. The failure to reach the correct count could indicate that the synchronization primitives (like mutexes) aren't working as expected across processes in QEMU. This might be due to how QEMU handles syscalls related to shared memory or mutex operations. + +Another angle is that if QEMU's emulation of system calls like shmat, mmap, or those involved with mutex locking and unlocking isn't fully compatible with the host system's behavior, it could lead to deadlocks or incorrect counts. For example, if futex-based locks aren't properly emulated, processes might not synchronize correctly. + +Additionally, considering that it works on real hardware but fails under QEMU suggests that the issue is specific to the emulation layer. Real hardware handles these IPC mechanisms natively, so any discrepancies would be in how QEMU implements or emulates them. + +Therefore, this seems like a problem with system calls related to IPC and shared memory not being correctly handled by QEMU's user-mode emulator. So, it falls under the 'syscall' category. +</think> + +The issue relates to incorrect handling of system calls involved in inter-process communication (IPC) within QEMU's user-mode emulation, leading to failures in multiprocess mode. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1594394 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1594394 new file mode 100644 index 000000000..d3ac6c0d1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1594394 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to classify this bug report related to QEMU. The issue is that when setreuid() or setegid() are called from x86_64 user-mode target code in QEMU, it crashes inside the NPTL signal handlers. + +From the description, it seems like the problem arises because the x86 targets don't directly use a syscall for these functions. Instead, they use a temporary memory region __xidcmd and send a SIGRT1 signal to all threads. However, in QEMU, this __xidcmd remains null, causing issues. + +Looking at the backtrace, it shows that the crash happens in the sighandler_setxid function when trying to access __xidcmd, which is null. This leads me to think that the problem is related to how these syscalls are being handled within QEMU's user-mode environment. + +The categories given are instruction, syscall, and runtime. Since the issue revolves around the handling of setreuid/setegid syscalls and their implementation in the NPTL threading model under QEMU, it seems like a problem with how the system calls are processed or emulated. Therefore, I think this falls under the 'syscall' category. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1605443 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1605443 new file mode 100644 index 000000000..615453b50 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1605443 @@ -0,0 +1,27 @@ +<think> +Alright, so I'm trying to figure out how to classify this bug report about QEMU and epoll on an ARM host. Let's start by reading through the details carefully. + +The user mentions that they're using wine on qemu-i386, which is running on an ARM host. They noticed that version 2.5.1 works fine, but when they upgraded to 2.6, things broke. Specifically, epoll stopped working correctly. Through bisecting, they identified a specific commit (928bed6a0) as the culprit and reverted it to fix the issue. + +Now, I need to classify this bug into one of three categories: instruction, syscall, or runtime. + +First, let's think about what each category means: + +- **Instruction:** This would involve an error in how a CPU instruction is handled by QEMU. For example, if a specific assembly instruction isn't being translated correctly when running on the ARM host, that would fall here. + +- **Syscall:** This relates to errors when making system calls from the guest OS to the host OS. If there's an issue with how syscalls are handled or emulated by QEMU, this category applies. + +- **Runtime:** This is a catch-all for other runtime issues that don't fit into the above categories. It could include memory management problems, timing issues, or bugs in how certain operations are performed during execution. + +In the given case, the problem is with epoll not working correctly after an update to QEMU 2.6. Epoll is a system call used for monitoring multiple file descriptors to see if I/O is possible on any of them. The fact that this was introduced by a specific commit suggests it's related to how syscalls are handled in the emulator. + +Looking at the bisected commit, if it's causing epoll to break, it might be related to changes in how system calls are implemented or emulated in QEMU for the i386 target running on ARM. Since the user reverted this commit and the issue was resolved, it points to a problem with how that particular part of the code handles syscalls. + +Therefore, the bug is likely categorized under **syscall** because it's related to the handling of epoll system calls in the QEMU emulator when running on an ARM host. +</think> + +The bug report involves issues with how the epoll system call is handled after a specific commit in QEMU. The problem was identified and fixed by reverting that commit, indicating an error in syscall handling. + +**syscall** + +Answer: syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1617929 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1617929 new file mode 100644 index 000000000..ce4fdde7b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1617929 @@ -0,0 +1,28 @@ +<think> +Okay, so I'm looking at this bug report about QEMU hanging in a pselect syscall. The user provided some detailed information, including the command line used, back traces from gdb, and strace logs. Let me try to unpack this step by step. + +First, the issue occurs when running QEMU in a chroot environment with specific compile options. The command given is using qemu-arm to execute edje_cc, which suggests it's compiling some EDC files for an embedded system, perhaps related to Tizen. + +The back trace shows that the process is stuck in safe_pselect6, which is part of the syscall handling in QEMU. From the gdb output, it looks like the function calls are going through safe_syscall_end and into do_select. The strace logs indicate that there's a pselect6 call with 10 file descriptors, but it seems to be hanging. + +The user mentioned that this happens occasionally—only one occurrence out of over 50 trials. That suggests it might not be straightforward to reproduce, which is challenging for debugging. They also noted that both version 2.7.0-rc4 and the stable v2.6.0 have the same problem. + +Looking at the possible categories: instruction, syscall, runtime. The issue seems to be related to how QEMU handles system calls, specifically pselect. Since pselect is a Linux syscall used for I/O multiplexing, perhaps there's an issue in how QEMU emulates or interacts with this syscall. + +The fact that it's hanging in the pselect6 call suggests a possible deadlock or incorrect handling of file descriptors within QEMU. Maybe there's an issue with how the file descriptors are managed when performing select operations, leading to the process getting stuck waiting indefinitely for I/O events that never occur. + +Considering the category options: + +- **Instruction**: This would be if there was an issue with specific CPU instructions or translation errors. But the back trace points to syscalls, not instruction-level issues. + +- **Syscall**: Since pselect is a syscall and the problem occurs during its execution within QEMU's emulation of it, this seems relevant. The bug report mentions that the hang happens in a syscall (pselect6), which fits into this category. + +- **Runtime**: This would be broader errors that happen during runtime but aren't tied to specific syscalls or instructions. However, since the issue is clearly linked to a specific syscall, it's more precise to categorize it under syscall. + +So, putting it all together, the bug report describes an error related to handling a system call (pselect6) within QEMU, leading to a hang. Therefore, the appropriate category is 'syscall'. +</think> + +The issue reported is due to a problem with handling the `pselect6` system call in QEMU, causing a hang. This falls under the syscall category. + +**Answer:** +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1619896 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1619896 new file mode 100644 index 000000000..f1e7cb8c8 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1619896 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm looking at this bug report from Tobias about running the Teamspeak Server on an arm host using QEMU. The issue is that when he runs the server through QEMU, it works initially but then starts having problems after a second client connects. + +The error message mentioned is "Unsupported ancillary data: 0/8". I remember that ancillary data in network programming usually refers to additional information like socket options or control messages. So this must be something related to how the system calls are being handled by QEMU's user-mode emulation. + +Looking at the steps, he configures QEMU with i386-linux-user and runs the x86 Teamspeak binary on his armv7l host. The problem arises when clients connect—specifically, after a second client connects, the server drops connections. + +The error comes from qemu's linux-user/syscall.c, which suggests that during some system call handling, QEMU encountered an unsupported ancillary data type. Ancillary data in socket calls (like sendmsg or recvmsg) includes things like IP_PKTINFO, which gives packet information such as source and destination addresses. + +I think the issue is that Teamspeak Server might be using some advanced socket options or control messages that aren't fully supported by QEMU's user-mode emulation for i386. Specifically, if the server uses IP_PKTINFO ancillary data, and QEMU doesn't handle it correctly, this error would occur. + +So this seems like a problem with how QEMU is handling certain system calls—specifically those involving socket operations and their associated control messages. Since it's about syscalls not being fully supported, it falls under the 'syscall' category. +</think> + +The bug report involves an issue where QEMU fails to handle a specific type of ancillary data during system calls related to networking. This indicates a problem with how system calls are processed in QEMU's user-mode emulation. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1689367 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1689367 new file mode 100644 index 000000000..5a2244c9c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1689367 @@ -0,0 +1,16 @@ +<think> +Alright, I'm looking at this issue where someone is running an ARMv7 qemu chroot on their x86_64 desktop. They're getting a lot of "qemu: Unsupported syscall: 384" messages whenever they do any compiling inside the chroot. From what I gather, it's been about six months since they last used this environment, and there have been package updates since then. + +The user mentioned that these messages aren't causing any problems—they’re just annoying. They had a chat with someone in IRC who explained that syscall 384 is getrandom (sys_getrandom). The person in IRC suggested that it's probably falling back to using /dev/urandom, so it might not be a big deal but should ideally be fixed by implementing the sys_getrandom call. + +So, categorizing this bug: the issue is about an unsupported syscall. It seems like the problem is that the ARMv7 qemu isn't handling the getrandom system call correctly, which is why it's throwing those messages. The user hasn't encountered any runtime issues beyond the messages, so it doesn't fall under 'runtime' errors. It’s more specific to a missing or unimplemented syscall. + +Therefore, this should be classified under 'syscall'. +</think> + +The issue involves an unsupported system call (getrandom) in the QEMU environment, leading to repeated error messages. This is related to a missing implementation of sys_getrandom rather than a runtime error or faulty instruction. + +sys_getrandom +The bug report describes an error with a syscall being unsupported in qemu. + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1696773 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1696773 new file mode 100644 index 000000000..8cf711e6a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1696773 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to classify this bug report for QEMU. The user provided a program that starts a goroutine and calls exec repeatedly. It works fine natively but crashes under ARM user emulation with a segfault or other failures. + +First, let me understand what's happening here. Golang uses goroutines, which are lightweight threads managed by the Go runtime. When they call exec repeatedly in a goroutine, it's probably making a lot of system calls. + +Under normal circumstances, this works because the host OS can handle these syscalls efficiently. But when running under QEMU's user emulation for ARM, something goes wrong. The crashes are segfaults or other issues. + +I need to figure out what category this bug falls into: instruction, syscall, or runtime. Since it's happening during system calls (exec), it might be related to how QEMU handles these syscalls in emulation mode. Maybe there's an issue with how the ARM emulation is translating or executing certain syscalls, leading to crashes. + +So, I think this relates to a problem with system calls under user emulation. Therefore, the category should be 'syscall'. +</think> + +The bug involves issues with system calls under QEMU's user emulation for ARM, leading to crashes when exec is called repeatedly in a goroutine. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1701808 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1701808 new file mode 100644 index 000000000..b788d3cb7 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1701808 @@ -0,0 +1,15 @@ +<think> +Alright, I need to figure out how to classify this bug report about stack smashing when using the recvmsg system call in qemu-aarch64 user mode. Let me start by understanding what's happening here. + +The user provided a program that uses recvmsg and when run under qemu, it aborts with a stack smashing error. However, on native hardware, it works fine. The issue seems to be related to memory allocation around the recvmsg call because adding extra space (EXTRA_SPACE=9) fixes the problem. This suggests that recvmsg is writing beyond the allocated buffer. + +So, the problem arises when the system call returns more data than expected, causing a buffer overflow. But why would this happen in qemu but not on real hardware? Maybe there's an issue with how qemu handles the system calls or memory management in user mode. + +Looking at the possible categories: instruction, syscall, runtime. The issue is happening during a system call (recvmsg), which makes me think it's related to how the syscall is handled. Perhaps qemu isn't properly checking the buffer size when handling recvmsg, leading to incorrect data being written beyond the intended array. + +Therefore, this seems like an error with the syscall handling in qemu. It might be that qemu doesn't correctly implement the boundaries for the recvmsg call, causing it to allow more data than expected and thus smashing the stack. +</think> + +The bug is related to how the `recvmsg` system call is handled by QEMU, specifically regarding buffer size checks which lead to a stack overflow in user mode but not on native hardware. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1701971 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1701971 new file mode 100644 index 000000000..ee2bd9802 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1701971 @@ -0,0 +1,15 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about multithreading issues under QEMU user mode for SH4. The user provided a detailed scenario where their program works correctly on native platforms and other emulated architectures but hangs when using qemu-sh4. + +First, the problem occurs during thread termination or when using pthread_join. From the stack traces provided, it looks like many threads are stuck in futex operations. Futexes (fast user-space mutexes) are used for synchronization between threads, so if they're not working as expected, that could cause deadlocks or hangs. + +The program works on other architectures, which suggests it's specific to how QEMU emulates SH4. The fact that the issue arises with multithreading points towards thread management or system call handling within QEMU. + +Looking at the stack traces, they show calls into safe_futex and do_syscall in QEMU's code. This indicates that the problem is likely related to how QEMU handles futex syscalls on SH4. Futex operations might not be correctly implemented or are getting stuck, causing threads to hang indefinitely. + +Since the issue revolves around system calls (specifically futex) not behaving as expected under emulation, I think this falls into the "syscall" category. The problem isn't with an instruction execution per se but rather how QEMU manages and emulates these critical syscalls for thread synchronization. +</think> + +The bug is related to how QEMU handles syscalls, particularly futex operations, which are crucial for multithreading. Therefore, it's categorized under: + +**syscall** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1701974 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1701974 new file mode 100644 index 000000000..fc769bccd --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1701974 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about pwrite not working correctly under qemu-sh4. Let me read through the problem again. + +The user says that when using pwrite to write to a file at a non-zero position in their program running on qemu-sh4 version 2.9.0, it doesn't work as expected. The expected output is "buf = 01W3456789", but the actual output is "buf = 0123456789". There's also an assertion failure and a signal 6 (Aborted) from qemu. + +So, they compiled their program with sh4-linux-gnu-gcc-5, made it static, then ran it under qemu-sh4. The issue seems to be that pwrite isn't updating the buffer correctly when writing at position 2. Instead of 'W' and '3' replacing some characters, it's just appending or not affecting the buffer as intended. + +Looking at the possible categories: instruction, syscall, runtime. + +- Instruction would imply a problem with how a specific CPU instruction is handled. +- Syscall suggests an issue with how system calls are implemented in qemu for this architecture. +- Runtime could be other issues that happen during execution but aren't related to instructions or syscalls. + +Since the bug is about pwrite not working as expected, which is a system call (syscall), I think it's likely a syscall-related problem. Maybe qemu-sh4 isn't correctly emulating the pwrite syscall for SH4, causing the buffer not to update properly when writing at a specific offset. +</think> + +The issue is related to how the `pwrite` system call is handled by QEMU for the SH4 architecture, indicating a problem with the system call emulation. + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1716292 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1716292 new file mode 100644 index 000000000..13327e25e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1716292 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm looking at this bug report about QEMU's user mode emulation not handling the write() system call correctly when it's given a NULL pointer and zero length. The issue is that on Linux, this should return 0, but in the emulation, it returns -1. + +First, let me understand what's happening here. The user provided a test case where they compile a small C program that calls write(STDOUT_FILENO, NULL, 0). On their system, running the compiled binary directly gives 0 as expected. But when they run the same binary under QEMU's x86_64-linux-user emulator, it returns -1 instead. + +I know that in Unix-like systems, the write() function is supposed to return the number of bytes written, which should be 0 if len (the third argument) is 0. Even if buf (the second argument) is NULL, as long as len is 0, it's a valid call and should return 0 without doing anything. + +So the problem here seems to be that QEMU isn't correctly emulating this behavior. When the write() syscall is made with these parameters in user mode, QEMU returns -1 instead of 0. That suggests there's an issue in how QEMU handles certain syscalls, specifically when len is zero and buf is NULL. + +Looking at the possible categories: instruction, syscall, runtime. The problem seems to be related to a system call handling. So it's likely under 'syscall' category because the issue arises from how the write() syscall is being processed by the emulator. + +I don't think it's an 'instruction' issue because the problem isn't about executing a specific machine instruction incorrectly; rather, it's about how a system call is handled. It's also not a runtime error in terms of execution flow or memory management but specifically related to thesyscall implementation. +</think> + +The bug report pertains to the incorrect handling of a system call within QEMU's user mode emulation. Specifically, the write() syscall with zero length and a null pointer returns -1 instead of 0 as expected. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1726394 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1726394 new file mode 100644 index 000000000..1c82dc7fa --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1726394 @@ -0,0 +1,15 @@ +<think> +Okay, so I need to classify this bug report as either 'instruction', 'syscall', or 'runtime'. Let's read through it carefully. + +The problem is about QEMU-user passing through a prctl system call with specific arguments: PR_SET_SECCOMP, SECCOMP_MODE_FILTER, and an address. The third argument is causing an EFAULT because it points to a BPF filter that's architecture-specific. Since the address can't be rewritten due to architecture differences, the safest action is to return an error. + +The user isn't sure whether to return EINVAL or something else but wants an identifiable error so seccomp errors can be ignored if not supported. + +Hmm, prctl is a system call used to set process flags and parameters. The issue here seems to stem from how QEMU handles this specific sysctl call. So the problem is related to handling a system call incorrectly, leading to an EFAULT when trying to access memory at the given address. + +So, since it's about how the system call (prctl) is being handled or passed through, causing an error, the category should be 'syscall'. It doesn't involve faulty instructions in the guest code, nor is it a general runtime issue; it's specifically about handling a syscall incorrectly. +</think> + +The bug report discusses issues with handling the prctl system call, specifically how QEMU passes arguments leading to an EFAULT. This is related to system call processing. + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1728116 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1728116 new file mode 100644 index 000000000..113adf0e5 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1728116 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out what's causing this issue with QEMU and /proc/self/auxv. From the problem description, it seems that when running certain commands under QEMU, specifically using the x86_64-linux-user binary, the output from catting /proc/self/auxv is returning 0 bytes instead of the expected 256 or so bytes. This was working in an older version (2.7.1) but broke in a newer one (2.10.1). + +The user mentioned that they did a git bisect and found that the problematic commit is 7c4ee5bcc. Looking at the diff provided, I can see that some logging was added to print out the length of the auxv vector. The output from running this shows two numbers: a very large positive number (18446744073709551264) and then -352. + +Hmm, let me think about what these numbers could mean. 18446744073709551264 is a familiar number—it's actually the value of (2^64 - 1), which is the maximum value for a 64-bit unsigned integer. But wait, why would len be that? That doesn't make sense because the auxv vector shouldn't be that large. + +Looking at the code changes in the commit, perhaps there was an error in how the length of the auxv vector is calculated or stored. In the old version, it might have been handled correctly, but now something's off. The user suggests that maybe there's a subtraction in the wrong direction or a sign issue. + +In the logging output, len is printed using TARGET_ABI_FMT_lu (which is for unsigned) and then TARGET_ABI_FMT_ld (for signed). The first log shows 18446744073709551264 as an unsigned long, which is indeed 2^64 - 2^ something. But when printed as a signed integer, it becomes negative (-352), suggesting that the value of len has somehow become incorrect. + +So maybe in the code, len was supposed to be calculated correctly but ended up being set to some wrong value due to an overflow or sign mismatch. For example, if len was intended to be 352 bytes (the positive number) but instead is stored as a negative value because of a signed integer error, that would cause issues when trying to read the auxv vector. + +Looking back at the commit, perhaps in the open_self_auxv function, the way len is determined or assigned changed. If the code uses subtraction where addition was needed or vice versa, it could result in an incorrect length. Also, if variables are declared as signed but should be unsigned (or vice versa), that could cause this kind of issue. + +In summary, the problem seems to stem from how the auxv vector's length is calculated and stored in memory. The incorrect value leads to either not reading any data or causing other issues like segfaults because the process doesn't handle a negative length properly. +</think> + +The bug report describes an error with a syscall in QEMU where the /proc/self/auxv file returns 0 bytes after a certain commit, leading to problems. The issue arises from incorrect handling of the auxv vector's length, likely due to a sign or calculation error. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1749393 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1749393 new file mode 100644 index 000000000..3c030d054 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1749393 @@ -0,0 +1,15 @@ +<think> +Alright, let's try to figure out what category this bug falls into. The problem is that when running a PIE-compiled bash under qemu-user, it crashes because sbrk() isn't working. Bash uses its own malloc implementation which relies on sbrk(), and when run under qemu, it can't allocate memory properly. + +Hmm, the user mentioned that disabling their internal malloc and using glibc's instead works fine. That suggests that the issue is with how sbrk() is handled in qemu. Since sbrk() is a system call used by malloc implementations to request more memory from the OS, this likely points towards a problem with syscalls under qemu. + +Looking at the history, the user also noted that bash had similar issues before when run directly but was fixed in the kernel. Now it's only an issue under qemu. That implies that qemu isn't handling sbrk() correctly for PIE binaries or in some other way related to how it emulates the system calls. + +So, considering the options: instruction would relate to a specific CPU instruction being incorrect, which doesn't seem to be the case here. The problem is more about the environment or how syscalls are handled. Runtime errors are broader but since sbrk() is a syscall, the issue is specifically with how qemu handles that particular system call. + +Therefore, this bug is related to a syscall error in qemu. +</think> + +The bug report describes an issue where `sbrk()` does not function correctly under `qemu-user` when running a PIE-compiled binary. Since `sbrk()` is a system call used by the memory allocation functions, the problem lies within how `qemu-user` handles this specific system call. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1763536 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1763536 new file mode 100644 index 000000000..ac721f94e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1763536 @@ -0,0 +1,57 @@ +<think> +Okay, so I need to figure out what category this bug falls into. The user is having issues when building Go code inside a Docker container using qemu-ppc64le-static. The problem occurs when running multi-threaded commands like 'go build', which sometimes hang or result in segfaults. + +Let me break down the information provided: + +1. **Environment**: They're using QEMU for ppc64le architecture, built statically and run within a Docker container. The host is an Intel i7 with multiple cores. + +2. **Steps to Reproduce**: + - Built QEMU as static. + - Created a Go project with a simple 'hello.go'. + - Used a Dockerfile to set up the environment. + - When running 'go build', it fails with segfaults or hangs, but works when using single-threaded mode. + +3. **Error Details**: + - The error involves SIGSEGV (segmentation violation) in Go's runtime. + - Specifically mentions issues during runtime execution and panic due to unexpected signals. + - It also references 'runtime.stopm' which is related to thread management in Go. + +4. **Observations**: + - Single-threaded builds work fine, implying that the issue arises with concurrency. + - Similar problems have been reported with multi-threaded apps under QEMU. + +Now, considering possible categories: + +- **Instruction**: Faulty instructions. But the error seems more systemic than a specific instruction failure. +- **Syscall**: Errors related to system calls. The issue involves syscalls (like Syscall6) and segmentation faults, which could be syscall-related. +- **Runtime**: Other runtime errors. Since it's happening in Go's runtime during multi-threaded execution. + +The error occurs when the Go runtime is handling concurrency, specifically in 'runtime.stopm', which suggests it's a problem within the Go runtime itself or how QEMU emulates the environment for concurrent processes. + +But considering the user thinks it might not be a Go issue and relates to QEMU running multi-threaded apps, perhaps it's more about how QEMU handles syscalls or concurrency. However, the error message points to Go's runtime stack with Syscall6, suggesting a problem during system calls made by the Go process. + +Alternatively, since the problem occurs under QEMU when multiple threads are involved, maybe it's an issue with how QEMU emulates the ppc64le architecture for syscalls in multi-threaded contexts. But the error message specifically points to Go's runtime, which makes me think it might be a runtime issue rather than a syscall or instruction problem. + +However, given that similar issues are reported with other applications under QEMU, and considering the environment is emulated, perhaps it's more about how syscalls are handled in QEMU when multiple threads are involved. But I'm not entirely sure if this falls under 'syscall' category since the issue arises within Go's runtime. + +But looking back at the possible categories: instruction, syscall, runtime. Since the error occurs during a system call (Syscall6) and involves concurrency which can complicate system calls in an emulated environment, it might be related to syscalls not handling multi-threading correctly under QEMU. + +However, since the user is using Go and the issue arises within Go's runtime when building, perhaps it's more about how the runtime interacts with the emulated environment. But given that other applications have similar issues, I think it points towards a problem in QEMU's handling of syscalls or concurrency. + +Wait, but the user says they built qemu from upstream master and see the same issue on arm64 as well. So maybe it's a more general QEMU issue with multi-threaded apps across different architectures. + +But for classification purposes, the error is in Go's runtime stack during a syscall, so perhaps it's under 'syscall'. Alternatively, if it's an internal Go runtime issue triggered by QEMU's environment, it might be 'runtime'. + +But given that similar issues are reported against QEMU with multi-threaded applications, I think it's more about how syscalls or concurrency is handled in the emulated environment. So perhaps it's a 'syscall' issue. + +However, since the error message mentions unexpected signals during runtime execution and panic in the Go runtime, maybe it's better classified under 'runtime'. + +But I'm not entirely certain. Maybe looking at other bug reports: issues with segfaults and concurrency often point to problems in how the emulator handles system calls or threading. Alternatively, if it's Go-specific, then it's a runtime issue. + +In this case, since the problem occurs when using multi-threaded Go builds under QEMU, and the error is during a syscall (Syscall6), I think it's more likely related to 'syscall' handling in the emulator. +</think> + +The bug report involves issues with syscalls failing in a multi-threaded environment within QEMU. The segmentation fault occurs during a system call, suggesting problems with how QEMU handles syscalls when multiple threads are involved. + +**Answer:** +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1770 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1770 new file mode 100644 index 000000000..05f07586c --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1770 @@ -0,0 +1,13 @@ +<think> +Okay, so I need to classify this bug report about QEMU and epoll_events. Let me read through it carefully. + +The problem is that when using cmake automoc with Qt5 support, the build process freezes during "Automatic MOC". The issue is traced back to the structure of epoll_event not being correctly packed for the or1k (OpenRISC) target in QEMU. + +Looking at the provided patch, they modified the syscall_defs.h file. They added TARGET_OPENRISC to a condition that defines whether TARGET_EPOLL_PACKED should be QEMU_PACKED. This suggests it's related to how epoll_events are handled on this specific architecture. + +Epoll is a system call used for I/O multiplexing, so issues with its structures would fall under syscalls. The problem arises because the structure isn't packed as expected on OpenRISC, causing an infinite loop when trying to process events. + +Since this issue is about how the epoll syscall's data structures are handled in QEMU, it's a syscall-related bug. The problem doesn't seem to involve faulty instructions directly or runtime errors unrelated to system calls. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1776478 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1776478 new file mode 100644 index 000000000..462be0d54 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1776478 @@ -0,0 +1,23 @@ +<think> +Okay, so I'm looking at this bug report from someone who's part of the Zynthian team. They're trying to cross-compile LV2 audio plugins using qemu-arm-static and running into an issue when compiling DISTRHO-Ports. The error they get is about a failed assertion in pthread_mutex_lock and then QEMU catching signal 6 (which I think is SIGABRT, meaning the program aborted). + +First, I need to figure out what category this bug falls under. The options are instruction, syscall, or runtime. Let me break down the problem. + +The error message mentions that the assertion `mutex->__data.__owner == 0` failed in pthread_mutex_lock. That suggests there's an issue with thread synchronization—specifically, a mutex being locked by someone else when it shouldn't be. This is happening inside the lv2_ttl_generator tool when it tries to process TAL-Filter-2.so. + +Now, the user mentioned that this works fine on a Raspberry Pi which is armv7 but fails in qemu-arm-static. So maybe there's something different about how QEMU handles pthread mutexes compared to native execution. + +Looking at the backtrace or error logs would help, but they're not provided here. However, since the problem occurs during cross-compilation with QEMU, it could be related to how QEMU emulates certain system calls or threading primitives. + +The fact that it's a pthread_mutex issue makes me think about syscalls related to threading. Mutex operations involve system calls for managing threads and synchronization. If QEMU isn't correctly handling these syscalls in the emulation, it might lead to such assertion failures. + +Alternatively, maybe there's an issue with how the cross-compiled binary interacts with the host's pthread implementation when run under QEMU. But I'm not sure if that would cause a signal 6 or just some incorrect behavior. + +Another angle: Maybe the problem is in how the lv2_ttl_generator uses threads. If it expects certain threading behaviors that aren't being properly emulated by QEMU, that could trigger this error. + +Considering all this, the issue seems to be related to system calls, specifically those involved with pthread mutex operations. Since the assertion failure is within a function called from the generator script, and it's happening when running under QEMU, I'd categorize this as a syscall-related problem. +</think> + +The bug involves an assertion failure in a pthread_mutex_lock function while using QEMU for cross-compilation. This suggests issues with system calls related to threading. + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1785203 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1785203 new file mode 100644 index 000000000..2ca1ee8c2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1785203 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm looking at this bug report for QEMU-riscv64 version 2.12.93. The issue arises when the program calls mincore() with an invalid pointer, which leads to a crash in QEMU. + +The error message points to a failed assertion in translate-all.c: page_check_range. The specific condition is that 'start' must be less than (target_ulong)1 shifted left by L1_MAP_ADDR_SPACE_BITS. It seems like the start value being passed is too large, beyond what's allowed. + +Looking at the test case provided, it calls mincore with an address 0x00000010000000000 and a length of 1. This address might be out of bounds for QEMU's memory mapping, causing the assertion failure. + +The backtrace shows that the crash occurs when accessing memory in page_check_range, which is part of the TCG (Translation-Cache-Generator) acceleration code. The function access_ok is checking if the address range is valid before allowing access. Since mincore is trying to access an invalid or out-of-bounds address, this causes the assertion. + +Now, classifying this bug: it's related to handling a system call (mincore) incorrectly within QEMU. Specifically, when a syscall with invalid parameters is made, QEMU doesn't handle it gracefully and crashes instead of perhaps returning an error or ignoring the invalid request. + +So, this seems like a 'syscall' issue because it's directly tied to how QEMU processes mincore system calls, especially with invalid pointers. +</think> + +The bug occurs when handling an invalid pointer in a syscall (mincore), causing QEMU to crash. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1791763 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1791763 new file mode 100644 index 000000000..65d8eebe2 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1791763 @@ -0,0 +1,11 @@ +<think> +Okay, so I'm trying to classify this bug report about the Nios2 user-mode emulation in QEMU. Let me read through the problem again. + +The issue is with signal handling not working properly. The user mentions that parts were copied from the Linux kernel but weren't adjusted for host and target data types or address spaces. Also, there's a problem with sigaltstack returning EINVAL because of incorrect struct order. + +Looking at the categories: instruction, syscall, runtime. + +This doesn't seem to be an issue with a specific instruction being faulty. It's more about how system calls are handled. The problems described are related to system calls like sigaltstack not working correctly because of structural issues in the code. So, it's likely a syscall category issue. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1791796 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1791796 new file mode 100644 index 000000000..7c492e108 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1791796 @@ -0,0 +1,19 @@ +<think> +Okay, I'm trying to classify this bug report related to QEMU. The user provided some output logs and mentioned that certain system calls like set_robust_list and clone are reported as unimplemented. They also linked to another bug about signal syscalls. + +First, I'll look at the logs. It seems there are multiple lines showing that set_robust_list is returning an error (errno 38), which means it's not implemented. Similarly, clone is mentioned but perhaps in a different context. The user notes that these issues were reported separately under a QEMU bug. + +Now, considering the categories given: instruction, syscall, runtime. + +- Instruction would involve issues with specific CPU instructions. +- Syscall relates to system call errors. +- Runtime covers other runtime errors not related to instructions or syscalls. + +In this case, the issue is about certain system calls (set_robust_list and clone) being unimplemented, which means they're not handled correctly by QEMU. So these are syscall-related problems because they involve the interaction between user-space programs and the kernel through system calls. + +Therefore, the category should be 'syscall'. +</think> + +The bug report involves errors with specific system calls (set_robust_list and clone) being unimplemented in QEMU, indicating issues related to system call handling. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1813307 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1813307 new file mode 100644 index 000000000..081d4208f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1813307 @@ -0,0 +1,9 @@ +<think> +Alright, let's see what this bug report is about. The user is saying that when they try to run gdbserver under qemu, it fails inside __getcwd because of an issue with how "/" is handled. Specifically, when lstat is called on "/", qemu's follow_path function returns QEMU_LD_PREFIX instead of "/". This causes a problem because subsequent calls to lstat("..") eventually reach the real device root, leading to inconsistency. + +I need to classify this bug into one of the given categories: instruction, syscall, or runtime. The issue seems related to how paths are resolved, particularly when dealing with the root directory. Since it's about handling a system call (lstat) and its behavior within QEMU, I think it falls under the 'syscall' category. +</think> + +The bug report discusses an issue with how the `follow_path()` function in QEMU handles the root directory "/". It results from incorrect mapping during system calls like `lstat`, causing inconsistencies. This is related to how syscalls are handled. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1821006 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1821006 new file mode 100644 index 000000000..d3fad324f --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1821006 @@ -0,0 +1,15 @@ +<think> +Alright, let's try to figure out this problem step by step. So, the user is encountering an issue when trying to build a Docker image for ARM architecture using QEMU. The error message they're getting is "qemu: Unsupported syscall: 382". + +First, I need to understand what each part of their setup means. They're using `docker build` with `--build-arg ARCH=arm32v7`, which suggests they're targeting an ARM v7 architecture. The Dockerfile uses a multi-stage build, starting from an arm32v7 Debian image and installing some dependencies. + +Looking at the error message, "Unsupported syscall: 382" indicates that QEMU is encountering a system call it doesn't recognize. System calls are how user-space programs interact with the kernel. If QEMU doesn't support this particular syscall (number 382), that's likely the root of the issue. + +The user provided their binfmt configuration file, which seems correctly set up for ARM static binaries using `/usr/bin/qemu-arm-static`. The bug report link they included points to Debian bug #923479, which discusses QEMU encountering unsupported syscalls. + +I recall that different CPU architectures have different system calls. Since the Docker build is for an arm32v7 image, the host (likely x86_64) uses QEMU to emulate this environment. However, if the host's QEMU version doesn't support all the necessary syscalls required by the ARM binary being executed during the Docker build, it would throw this error. + +The possible categories given are instruction, syscall, and runtime. The error is explicitly about a syscall not being supported, so it falls under the 'syscall' category. This isn't an issue with an instruction or a runtime error in general but specifically a problem with handling a particular system call. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1857811 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1857811 new file mode 100644 index 000000000..c3e96960a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1857811 @@ -0,0 +1,23 @@ +<think> +Alright, so I need to figure out how to classify this bug report related to QEMU. The user mentioned that when they run 'emerge' in a Gentoo Linux environment using 'qemu-aarch64 chroot', they get an error: "Unable to configure loopback interface: Operation not supported." They also noted that if they disable emerge's network-sandbox, which uses network namespaces, the error goes away. + +Okay, so first, I should break down what each part means. 'emerge' is Gentoo's package manager, and it sometimes uses a feature called network-sandbox to isolate builds in a network namespace. This helps prevent build scripts from accessing the internet or other resources unintentionally. + +The problem occurs when they enable this feature, which suggests that the issue is related to how QEMU handles network namespaces within its environment. The error message specifically mentions the loopback interface failing to configure. Loopback interfaces are used for communication between different parts of a system, so if it's not working, it can cause various networking issues. + +Now, looking at the possible categories: instruction, syscall, runtime. I need to determine which one fits this scenario. + +- **Instruction**: This would involve incorrect commands or instructions given by the user that lead to an error. But in this case, the user is executing standard emerge commands, so it's not about faulty instructions. + +- **Syscall**: This relates to system calls made by the application. The loopback interface setup likely involves syscalls like socket(), bind(), etc. If QEMU doesn't support network namespaces properly, perhaps certain syscalls aren't being handled correctly in that context. + +- **Runtime**: This would be other runtime errors not related to instructions or syscalls. However, since the error is about a specific operation (configuring loopback) failing, it's more likely tied to how QEMU handles system calls in its environment when network namespaces are involved. + +So, putting it together: The issue arises because emerge uses network namespaces, and QEMU doesn't support this feature for the aarch64 chroot. This leads to problems during runtime when certain syscalls related to networking (like setting up loopback) aren't supported or handled correctly by QEMU in that environment. + +Therefore, the bug is likely a **syscall** issue because it's about how system calls within network namespaces are not being properly managed by QEMU. +</think> + +The problem arises from how QEMU handles system calls related to networking when using network namespaces. The loopback interface setup fails because QEMU lacks support for network namespaces in this context, leading to the error during runtime. + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1858461 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1858461 new file mode 100644 index 000000000..d794173aa --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1858461 @@ -0,0 +1,13 @@ +<think> +Alright, I need to figure out what category this bug report falls into. The user mentioned they added a new syscall (number 436) to QEMU but received ENOSYS from their MIPS application. They provided details about modifying `cpu_loop.c` by adding an entry for `sys_getdents64_x32`. + +They also showed the code where `syscall_num` is calculated and checked against `sizeof(mips_syscall_args)`, which returns -TARGET_ENOSYS if it's out of bounds. The user noticed that the MIPS implementation differs from ARM, suggesting a need for refactoring to match how ARM handles syscalls with its own base. + +The issue here is clearly related to handling system calls correctly in QEMU for MIPS. The problem arises when adding a new syscall, which isn't being recognized properly, leading to ENOSYS errors. This points to an error within the system call handling mechanism rather than an instruction or runtime error unrelated to syscalls. + +So, this bug is about how the system calls are managed and processed in QEMU for MIPS architecture, hence it's a syscall-related issue. +</think> + +The bug report discusses issues with adding a new syscall and receiving ENOSYS errors. It involves modifying `cpu_loop.c` and comparing it to ARM's implementation. The problem lies in handling syscalls, not instructions or runtime errors unrelated to syscalls. + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1860053 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1860053 new file mode 100644 index 000000000..9d41a4163 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1860053 @@ -0,0 +1,21 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me read through the report carefully. + +The issue is about time functions malfunctioning when using QEMU's ppc64le emulator in user mode. Specifically, Go's time.NewTicker() and time.Sleep() aren't working correctly—they revert to 1-second intervals instead of the intended shorter durations. This problem started after Go switched to using vDSO for clock_gettime on PowerPC64 in version 1.12. + +From what I understand, the issue doesn't occur when running on actual hardware or with other architectures emulated by QEMU. It's specific to ppc64le and happens only when using the vDSO path. The problem arises because Go changed how it calls clock_gettime—now using vDSO instead of syscalls. + +So, the problem seems related to how QEMU is handling vDSO calls for clock_gettime on ppc64le. Since the issue doesn't occur with actual hardware or when using syscalls (which are different from vDSO), it points towards an emulation bug in QEMU's user-mode for this specific architecture. + +The categories given are instruction, syscall, and runtime. The issue is about system call handling via vDSO, which is a type of optimized call that doesn't go through the standard syscall mechanism. However, since vDSO is related to how syscalls are handled in userspace, it's likely a syscall category issue. + +Therefore, I think this bug should be classified under 'syscall' because it relates to the handling of clock_gettime calls via vDSO in user-mode emulation. +</think> + +The problem occurs during the handling of clock_gettime via vDSO, which is related to system call handling. Therefore, the appropriate classification is: + +**syscal** + +But since the options are instruction, syscall, or runtime, and this issue relates to how syscalls (specifically through vDSO) are handled in QEMU's user-mode emulation, it falls under 'syscall'. + +**syscall** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1861341 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1861341 new file mode 100644 index 000000000..9c4e877c9 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1861341 @@ -0,0 +1,13 @@ +<think> +Okay, so I'm trying to figure out what category this bug falls into. The user reported that when they run QEMU via Flatpak for ARM images on an x86_64 system, they get an "Unknown syscall 397" error. They mentioned that statx is involved because of the syscall number. + +First, I need to understand what's happening here. The user is using Flatpak to install and run KDE SDK and Platform for ARM on their x86_64 machine. When they try to run qmake inside the SDK, QEMU throws an error about an unknown system call. This causes issues where qmake can't find .pro files or libraries. + +Looking at the categories provided: instruction, syscall, runtime. The user's problem is specifically about a syscall (number 397) that QEMU doesn't recognize. System calls are how user-space programs interact with the kernel. If the host system supports a syscall but QEMU doesn't emulate it properly for the target architecture, this error occurs. + +Since the Flatpak images were built for AARCH64 hardware and they're running on x86_64, there might be compatibility issues. The host kernel (4.19.86) supports more syscalls than what QEMU is emulating for ARM. In this case, statx is a newer syscall that's not properly handled by the version of QEMU being used. + +So, the bug isn't about an incorrect instruction or a runtime error in general. It's specifically because the system call isn't recognized by QEMU when translating it from AARCH64 to x86_64. This points directly to a syscall-related issue within QEMU. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1876373 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1876373 new file mode 100644 index 000000000..56c34d998 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1876373 @@ -0,0 +1,15 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's break down what's happening here. + +The user is describing a segfault that occurs when a program uses the mremap function within QEMU. The program works fine when run natively on an x86_64 system but crashes in QEMU for i386 and arm targets. They've also noted that changing the size to something else like 12288 prevents the segfault, which suggests it's specific to shrinking to exactly 4096 bytes. + +Looking at the code provided, the program uses mmap to allocate a buffer of 8192 bytes and then calls mremap to shrink it to 4096. The problem occurs during the mremap call in QEMU but not natively or when using a different size. This indicates that it's related to how QEMU handles this particular system call. + +The issue is specifically happening within the mremap syscall, as confirmed by debugging with qemu's -singlestep option. So the bug isn't about an incorrect instruction being executed or some runtime error unrelated to the OS; it's directly tied to how QEMU processes this system call. + +Therefore, this falls under the "syscall" category because it's related to the handling of a specific system call (mremap) within the emulator. +</think> + +The bug is related to how QEMU handles the mremap syscall, leading to a segfault in certain conditions. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1884719 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1884719 new file mode 100644 index 000000000..d49e40e8e --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1884719 @@ -0,0 +1,24 @@ +<think> +Alright, let me try to figure out how to classify this bug report. The user is experiencing an issue where they're getting "Function not implemented" errors when using the Linux libaio library within a Docker container that's emulating an aarch64 architecture via QEMU. + +Looking at the steps provided: + +1. They set up QEMU for static binaries. +2. Run a Docker image with arm64v8/centos:8. +3. Install GCC and libaio inside the container. +4. Compile a simple C program that uses libaio functions. + +The problem occurs when running this program in the emulated environment, where it returns res = -38 (ENOSYS), which means the function isn't implemented. However, it works fine on native aarch64 and x86_64 without emulation. + +I know that ENOSYS is returned when a system call isn't implemented by the kernel. So, in this case, the QEMU user-mode emulation might not be handling some syscalls correctly for the arm64 architecture. + +The user tried using strace but got similar errors about ptrace functions not being implemented. This suggests that certain syscalls are missing or not properly handled in the emulated environment. + +So, the issue revolves around system calls not being implemented when running under QEMU's emulation, specifically for libaio which relies on specific syscalls like io_queue_init. Therefore, this seems to be a problem related to how QEMU handles these particular syscalls during emulation. + +Thus, the category should be "syscall" because it's an error occurring with system calls in the emulated environment. +</think> + +The bug report involves issues with system calls not being implemented correctly under QEMU's user-mode emulation. The ENOSYS error indicates that certain syscalls aren't handled, which is related to how QEMU processes these calls for different architectures. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1893010 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1893010 new file mode 100644 index 000000000..f58babe0b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1893010 @@ -0,0 +1,17 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU not supporting OFD fcntl locks. Let me break it down step by step. + +First, the user is using Gentoo with the latest QEMU version 5.0.0-r2. They're emulating ppc64 and s390x on an x86_64 machine. The issue arises when they try to use Open File Description (OFD) locks, which are part of the fcntl system calls. + +The error message mentions that attempting to use these OFD locks results in EINVAL, which is a common error indicating an invalid argument. Looking into the QEMU source code, specifically in linux-user/syscall.c, they suspect that the problem lies in the target_to_host_fcntl_cmd function. This function probably translates the target system call commands (from the emulated architecture) to the host's equivalents. + +In this case, the switch statement within that function doesn't handle F_OFD_SETLK, F_OFD_SETLKW, or F_OFD_GETLK. These are specific fcntl commands related to OFD locks. Since these cases aren't handled, any attempt to use them would fall into the default clause of the switch, leading to EINVAL because there's no valid translation for these commands. + +Now, considering the categories provided: instruction, syscall, runtime. The issue is about how QEMU handles certain system calls—specifically, fcntl with OFD locks. It's not an error in executing a particular instruction but rather in processing the system call correctly. So this points towards a syscall-related bug. + +I don't think it's an instruction-level problem because the error isn't about misinterpreting machine code but about handling a specific type of system call. It also doesn't seem like a runtime error that occurs during normal execution, such as memory issues or crashes, since it's specifically tied to the handling of fcntl commands. + +Therefore, the bug falls under the syscall category because it involves incorrect processing of a system call by QEMU. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1894361 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1894361 new file mode 100644 index 000000000..0568b03f6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1894361 @@ -0,0 +1,20 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report about QEMU. The issue mentions that the `syscall.c` file lacks the `pselect6_time64` function. In commit 50efc6958638..., they removed the legacy `pselect6` definition for riscv32 and switched to using `pselect6_time64`. However, it seems that `pselect6_time64` isn't present in `syscall.c`, which means the riscv32 architecture is missing the `pselect` syscall. + +So I need to categorize this bug into one of three categories: instruction, syscall, or runtime. + +The problem here is specifically about a system call (`pselect`) not being correctly implemented due to a missing function in the codebase. The user points out that `pselect6_time64` isn't available, which affects the availability of `pselect` on riscv32 systems. This directly relates to how system calls are handled in QEMU. + +Looking at the categories: +- Instruction: Relates to processor instructions or assembly code issues. +- Syscall: Involves problems with system calls and their handling. +- Runtime: Other runtime errors not covered by the above. + +Since this is about a missing system call implementation, it falls under the 'syscall' category. The issue isn't about an instruction error or a runtime crash but rather the absence of a necessary syscall definition leading to functionality issues on riscv32. +</think> + +The bug report discusses the absence of a specific system call (`pselect6_time64`) in QEMU's `syscall.c` file, causing the `pselect` syscall to be unavailable for riscv32. This is an issue with how system calls are handled. + +**Answer:** + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1906193 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1906193 new file mode 100644 index 000000000..38a126a2a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1906193 @@ -0,0 +1,18 @@ +<think> +Okay, I need to figure out how to classify this bug report about QEMU. The issue is that when running a program on riscv32 user mode emulation under x86_64 using QEMU's master branch, the fork system call returns an incorrect exit status. Specifically, the child process exits with 42, but the parent receives 40. + +First, I'll look at the code provided. The program forks a child process which exits with 42. The parent waits for this child and checks the exit status using wait(). It then prints out that it received 40 instead of 42. This discrepancy suggests something is wrong in how the exit status is handled during or after the fork. + +The problem occurs in an emulation environment, specifically riscv32 in a chroot on x86_64. The user compiled with gcc-10.2 and provided versions for gcc and ld. Since the issue arises when using QEMU's emulator, it's likely related to how QEMU handles system calls or process management in this context. + +Considering possible categories: instruction, syscall, runtime. The problem isn't about a faulty CPU instruction but rather how a system call (fork/wait) is handled. It's also not an error during runtime that's unrelated to specific operations; it's tied directly to the handling of the fork and wait syscalls. + +So, this seems like a syscall-related issue because the exit status from the child isn't being correctly communicated back to the parent through QEMU's emulation. Therefore, the category should be 'syscall'. +</think> + +The bug is related to how system calls are handled in QEMU's riscv32 user mode emulation. The fork and wait syscalls aren't correctly passing the exit status between processes. + +sys +call + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/1926996 b/results/classifier/deepseek-r1:32b/reasoning/syscall/1926996 new file mode 100644 index 000000000..f72fff3e1 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/1926996 @@ -0,0 +1,22 @@ +<think> +Okay, I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's look at the problem described. + +The issue is that when running clone_test.c under qemu-aarch64-static, the clone() system call returns -1 with the error "Invalid argument". When run natively, it works correctly, so the problem must be in how qemu handles the clone syscall. + +In the bug report, the user provided output showing the native execution works fine. Under QEMU, the clone call fails. Since clone is a system call that requires proper emulation, including setting up child processes and handling flags correctly, this points towards an issue with how QEMU implements or emulates this specific syscall. + +Looking at the categories: + +- **Instruction**: This would be about faulty CPU instructions, but the problem here isn't related to executing an instruction; it's a system call failure. +- **Syscall**: The clone() function is a system call. If QEMU doesn't handle it correctly (maybe incorrect flags or return values), this fits. +- **Runtime**: Other runtime errors not related to syscalls or instructions, like memory management issues. + +Since the problem directly relates to handling the clone() syscall returning an error that suggests an invalid argument, and since QEMU's job includes emulating system calls accurately, the category is likely 'syscall'. + +So the classification should be 'syscall'. +</think> + +The bug report describes a failure in the `clone()` system call when run under QEMU, indicating an issue with how this specific syscall is handled. Therefore, it falls under the 'syscall' category. + +**Answer:** +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/2112 b/results/classifier/deepseek-r1:32b/reasoning/syscall/2112 new file mode 100644 index 000000000..57d6e6332 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/2112 @@ -0,0 +1,21 @@ +<think> +Okay, so I need to figure out how to classify this bug report. The user is having an issue with QEMU's user mode when using the clone syscall on MIPS architecture. Let me break it down step by step. + +First, the problem description says that when they use the clone system call with certain flags in their MIPS program, they get an error: errno=22 (Invalid argument). They've traced this to QEMU checking if all the flags are present as per CLONE_THREAD_FLAGS. If not, it returns an error. + +Looking at the code snippet they provided from QEMU's syscall.c file around line 6564, it seems that QEMU expects specific flags for clone. The current CLONE_THREAD_FLAGS include several options: CLONE_VM, CLONE_FS, CLONE_FILES, CLONE_SIGHAND, CLONE_THREAD, and CLONE_SYSVSEM. + +In their program, the flags used are only CLONE_VM | CLONE_FS | CLONE_FILES | CLONE_SIGHAND. This doesn't include CLONE_THREAD or CLONE_SYSVSEM, which might be causing QEMU to throw an error because it expects all these flags to be present when using clone in a certain way. + +The user is asking if there's a way to make QEMU accept just their set of flags without altering the program's behavior. Alternatively, they want to know how to enable proper support for the MIPS clone syscall in QEMU. + +Now, considering the categories: instruction, syscall, runtime. + +- Instruction issues are about incorrect handling of specific CPU instructions. +- Syscall issues relate to problems with system calls, like this case where clone isn't handled correctly. +- Runtime issues are other runtime errors not related to instructions or syscalls. + +Since the problem is specifically about how QEMU handles the clone syscall and its flags, it falls under the syscall category. The error occurs when making a system call, and the issue is in how that call is processed by QEMU. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/2123 b/results/classifier/deepseek-r1:32b/reasoning/syscall/2123 new file mode 100644 index 000000000..d6d445de0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/2123 @@ -0,0 +1,19 @@ +<think> +Okay, I'm trying to figure out how to classify this bug report for QEMU. So, let's break down what's happening here. + +The user provided a Rust program that attempts to spawn a subprocess using a command that doesn't exist. Normally, when you run this program directly on the host system (without QEMU), it correctly returns an error because the command isn't found. However, when running under QEMU, instead of getting an error, the program successfully spawns a process and prints its ID. + +Hmm, so what's different here? When using QEMU, especially for emulating a different architecture like aarch64, it sets up a virtualized environment. Maybe QEMU is intercepting or modifying system calls in a way that affects how processes are spawned. + +In the Rust code, `Command::new("thisdoesnotexist").spawn()` is used. On a normal system, this should return an error because the command isn't found. But under QEMU, it seems like the spawn is successful, which shouldn't happen. + +So why would QEMU allow spawning a non-existent command? It might be that QEMU's emulation of certain syscalls isn't handling errors correctly. For example, when `execve` (the syscall used to execute a new program) is called with a non-existent binary, it should return an error. If QEMU isn't properly checking or returning the correct error for this syscall, then the spawn might incorrectly succeed. + +This points towards a problem with how syscalls are handled in QEMU. The incorrect behavior suggests that there's an issue with the emulation of system calls related to process creation, specifically when the executable doesn't exist. Therefore, the bug is likely in the way QEMU handles these syscalls, leading to this unexpected success. + +So, classifying this, it seems to be a syscall error because the problem arises from how QEMU processes the `execve` syscall or similar ones. The process spawning should fail but doesn't under QEMU's environment, indicating a flaw in the syscall handling. +</think> + +The bug is related to incorrect handling of system calls when emulating an environment under QEMU, specifically when attempting to execute a non-existent command. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/2168 b/results/classifier/deepseek-r1:32b/reasoning/syscall/2168 new file mode 100644 index 000000000..b4ad92176 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/2168 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm looking at this bug report where running `grep` inside a Gentoo chroot using qemu-x86_64 on an arm64 host causes a segmentation fault. The user provided some output and a GDB backtrace to help figure out what's going on. + +First, I need to understand the problem. They unpacked an x86_64 chroot environment and then tried running `grep` using qemu as an emulator. When they do this with QEMU versions 8.x.x, it segfaults, but not with 7.x.x. So something changed between these versions that's causing the issue. + +Looking at the output from running the command, it says there's a SIGSEGV with code MAPERR and address 0x20. That suggests a memory access error, specifically trying to map a region that's invalid or not accessible. + +The GDB backtrace shows the crash happening in `open_self_maps_2` within syscall.c at line 8089. The function is part of handling syscalls related to opening files, especially `/proc/self/maps`, which is used for mapping memory regions. It looks like it's trying to access some guest memory that isn't properly mapped or has an incorrect address. + +The backtrace goes through several functions: `walk_memory_regions` in user-exec.c and then into `open_self_maps_1` again in syscall.c, leading up to `do_guest_openat`. So the issue seems tied to how QEMU is handling file operations within the emulated environment, particularly when dealing with memory maps. + +Since the problem occurs during a system call (`sys_openat`), it's likely related to how QEMU translates or handles syscalls from the guest OS on the host. The fact that it works in 7.x.x but not 8.x.x suggests there might have been changes in the syscall handling between these versions. + +Considering the categories provided—instruction, syscall, runtime—the issue is happening during a system call execution within QEMU. Therefore, this bug falls under the "syscall" category because it's an error that occurs when processing a system call from the guest OS. +</think> + +The bug involves a segmentation fault occurring during a system call within the QEMU emulator, specifically related to file operations and memory mapping. + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/2170 b/results/classifier/deepseek-r1:32b/reasoning/syscall/2170 new file mode 100644 index 000000000..0adc7d87d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/2170 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU crashing when an application calls pthread_getattr_np(). Let me go through the information provided step by step. + +First, the problem occurs when running a specific program under QEMU's user emulation. The program is using pthread_getattr_np(), which is a non-portable (GNU) extension to get thread attributes. When this function is called, QEMU crashes with a segmentation fault, specifically SIGSEGV at address 0x20. + +Looking at the backtrace from GDB, it shows that the crash happens in several functions within QEMU's codebase. The stack trace goes through functions like open_self_maps_2, walk_memory_regions, and eventually into do_syscall1 and do_syscall. These function names suggest that the issue is related to system calls being handled by QEMU. + +The user also mentioned that this bug was introduced after a rewrite of the `open_self_maps` function in commit 7b7a3366e142d3baeb3fd1d3660a50e7956c19eb. That indicates that there's something wrong with how QEMU is handling this specific system call or related memory operations. + +Now, considering the possible categories: instruction, syscall, runtime. + +- **Instruction**: This would be if the issue was caused by a faulty CPU instruction. But here, the problem arises from a system call, not directly from an executed instruction. + +- **Syscall**: Since the crash happens during a system call handling in QEMU, specifically when opening `/proc/self/maps`, which is part of process memory management. The error seems to stem from how QEMU processes this syscall, leading to invalid memory access. + +- **Runtime**: This would cover other runtime errors not related to instructions or syscalls, but given the stack trace points directly to system call handling functions, it's more specific than a general runtime issue. + +Therefore, the bug is likely related to how QEMU handles a particular system call, which fits into the "syscall" category. The crash occurs during the processing of an openat system call (as seen in do_guest_openat), leading to invalid memory access and segmentation fault. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/2197 b/results/classifier/deepseek-r1:32b/reasoning/syscall/2197 new file mode 100644 index 000000000..8e7fffe14 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/2197 @@ -0,0 +1,18 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me think through each part carefully. + +The problem is about QEMU's user space emulator handling the setsockopt() system call incorrectly when optlen is 0. The user provided a code snippet that calls setsockopt with NULL and 0 as parameters for ALG_SET_KEY. On real Linux, this works fine, but in QEMU, it returns ENOMEM. + +Looking at the categories: + +1. Instruction: This would involve issues with specific CPU instructions or assembly-level problems. But here, the issue is about a system call handling, not low-level instruction execution. +2. Syscall: This category involves errors when dealing with system calls. The problem clearly relates to how QEMU processes the setsockopt() call, so this seems relevant. +3. Runtime: Errors that occur during runtime but aren't tied directly to a specific system call or instruction. Since the issue is specifically about handling a syscall incorrectly, this might not fit. + +The bug report mentions that the emulator intercepts the syscall and returns an incorrect error. This points towards a problem in how QEMU handles system calls, particularly setsockopt(). Therefore, the most appropriate category here is 'syscall'. +</think> + +The bug relates to QEMU's handling of the `setsockopt()` system call, specifically when called with certain parameters. The issue arises during the processing of this syscall within the emulator. + +**Answer:** +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/2309 b/results/classifier/deepseek-r1:32b/reasoning/syscall/2309 new file mode 100644 index 000000000..9d3c6a936 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/2309 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report related to qemu-aarch64 hanging after an upgrade of libc6. Let's break it down step by step. + +First, from the description, when someone runs `cargo test` using `qemu-aarch64`, the process hangs with 100% CPU usage and doesn't respond to a Ctrl-C interrupt via GDB. This happens specifically after upgrading libc6 to version 2.36-9+deb12u6. It's important that the same binary runs fine on a real arm64 target with this upgraded libc, which suggests it's not an issue with the binary itself but something related to how QEMU is handling things. + +The steps to reproduce involve setting up a Rust project with a simple test, configuring the `.cargo/config.toml` to use `qemu-aarch64` as the runner. The problem occurs when running tests in this setup. + +Looking at possible categories: instruction, syscall, runtime. + +- **Instruction:** This would relate to a specific CPU instruction causing issues. But since it's hanging and not crashing with an error related to an unknown instruction, I don't think that's the case here. + +- **Syscall:** Could be related to how system calls are handled by QEMU. The upgrade in libc might change how syscalls are made or handled, potentially causing a deadlock or infinite loop in QEMU when emulating the environment. + +- **Runtime:** This is a broader category for other runtime errors not covered by instructions or syscalls. Since it's about the emulator hanging and high CPU usage, this could fall under runtime issues because it's how QEMU manages execution during testing. + +But considering that the issue arises with the upgraded libc version, which affects system calls, perhaps it's more specific to how QEMU handles certain syscalls when interacting with the new library. The fact that GDB can't interrupt suggests there might be a problem in handling signals or interrupts within QEMU, possibly related to how it processes syscalls. + +So I'm leaning towards **syscall** because the issue seems tied to how system calls are being handled after the libc upgrade, causing QEMU to get stuck. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/2390 b/results/classifier/deepseek-r1:32b/reasoning/syscall/2390 new file mode 100644 index 000000000..a5b973331 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/2390 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to classify this bug report about Qemu handling getsockopt incorrectly when the optval argument is NULL. Let me go through this step by step. + +First, the problem occurs when someone runs a program that calls getsockopt with a NULL optval on RISC-V Qemu. The program works fine on x64 Linux, returning 0 as expected, but on Qemu it fails with "Bad address." + +The user provided code where they create a socket and then call getsockopt with option_value set to NULL. They also mentioned that the man page for getsockopt allows optval to be NULL if no value is to be returned. So according to the documentation, passing NULL should be acceptable. + +Looking into Qemu's implementation of getsockopt in the provided link, I can see that they have a function that handles this syscall. The issue seems to be that Qemu isn't handling the NULL optval correctly. Instead of allowing it as per the man page, Qemu might be trying to dereference a NULL pointer or perform some operation that expects a valid address, leading to an error. + +The user also pointed out that the problem is in the Qemu code around line 2753 where there's an attempt to put_user* which probably fails when optval is NULL. This suggests that Qemu isn't properly checking if optval is NULL before using it, causing a bad address error. + +So, putting this all together: the issue arises because Qemu's implementation of getsockopt doesn't correctly handle the case where optval is NULL, leading to an incorrect "Bad address" error when it should just return success as per the man page. This indicates that there's a problem with how Qemu handles system calls, specifically getsockopt in this case. + +Therefore, the category for this bug report is a syscall issue because it relates to how Qemu processes and responds to the getsockopt system call. +</think> + +The bug report pertains to an incorrect handling of the `getsockopt` system call by QEMU when the `optval` parameter is `NULL`. This results in an error where QEMU incorrectly returns "Bad address" instead of behaving as per the man page, which allows `NULL` for `optval`. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/2485 b/results/classifier/deepseek-r1:32b/reasoning/syscall/2485 new file mode 100644 index 000000000..b9e77d08d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/2485 @@ -0,0 +1,22 @@ +<think> +Okay, I need to classify this bug report into one of the given categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue occurs when running a C program that uses getifaddrs linked against musl libc on certain big-endian architectures (like m68k, ppc, etc.) using QEMU. The program hangs inside musl when run in QEMU but works fine on real hardware. + +Hmm, the problem seems to be related to how QEMU handles certain system calls or perhaps some issue with endianness affecting function execution. The program uses getifaddrs, which is a standard library function that relies on various syscalls and internal libc functions. + +I remember from the description that this has been an issue before in other contexts, like Gentoo bugs and musl mailing lists. It likely involves how QEMU emulates system calls for these architectures, especially since real hardware works fine. + +Now, looking at the categories: +- Instruction would involve a specific CPU instruction causing issues. +- Syscall relates to problems when making system calls. +- Runtime is for other runtime errors not related to instructions or syscalls. + +Since getifaddrs is a function that interacts with the kernel via syscalls (like ioctl, socket, etc.), and QEMU's handling of these might be problematic on big-endian targets, this sounds like a syscall issue. The program hangs inside musl libc, which suggests it's waiting for something related to system calls. + +So, I think the category should be 'syscall' because it involves issues with how system calls are being handled by QEMU on these architectures. +</think> + +The bug report describes an issue where running a program using getifaddrs in QEMU leads to a hang. This is likely due to problems handling system calls within QEMU for big-endian targets, pointing towards a syscall-related issue. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/2504 b/results/classifier/deepseek-r1:32b/reasoning/syscall/2504 new file mode 100644 index 000000000..154f6313a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/2504 @@ -0,0 +1,17 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let's see what the problem is. + +The user says that when they're on a LoongArch host and run 'chroot x86_64-rootfs' followed by 'ls', they get an error. They mention using qemu-x86_64 to run /bin/XX, which I think might be a typo for /bin/ls or something else in the rootfs. + +So, what's happening here? Chroot is used to switch the root directory of a process, so the program runs as if it were on that system. Since the host is LoongArch and the chrooted environment is x86_64, they're probably using QEMU to emulate the x86_64 architecture. + +The error occurs when running 'ls' inside this chroot. That suggests that maybe some system calls aren't being handled correctly by QEMU in this cross-architecture setup. System calls are how user-space programs communicate with the kernel, so if they're failing, it's likely a syscall issue. + +Another angle: could it be an instruction issue? Maybe some x86_64 instructions aren't properly emulated on LoongArch. But since 'ls' is a common command and the error happens during runtime after chrooting, it seems more like a systemic problem with how syscalls are being translated or handled by QEMU rather than individual instructions. + +Runtime errors could be anything else happening while running the program. But given that the issue arises specifically when making system calls (like opening directories for 'ls'), I think syscall is the right category here. +</think> + +The bug report describes an error occurring when executing a command within a chroot environment on a LoongArch host using QEMU for x86_64 emulation. The issue likely stems from improper handling of system calls between different architectures, leading to runtime errors during program execution. + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/2592 b/results/classifier/deepseek-r1:32b/reasoning/syscall/2592 new file mode 100644 index 000000000..7c78666d6 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/2592 @@ -0,0 +1,19 @@ +<think> +Alright, I'm trying to figure out how to classify this bug report related to QEMU. The user mentioned that when they run `time.time()` in Python using qemu-aarch64, it throws an OSError: [Errno 0] Error. They're certain it's a QEMU issue because the same build works on a physical aarch64 machine and doesn't have this problem with qemu-arm. + +First, I need to understand what `time.time()` does. It returns the current time in seconds since the epoch. Under the hood, Python uses system calls to get this information. So when running under QEMU, something might be going wrong with how these system calls are handled. + +The error message says OSError: [Errno 0] Error. Errno 0 is a bit unusual because it usually indicates a successful operation, but in this case, it's an error. That suggests that the underlying system call isn't behaving as expected when run through QEMU-aarch64. + +Looking at the possible categories: instruction, syscall, runtime. + +- Instruction issues would involve problems with specific CPU instructions not being emulated correctly. +- Syscall issues relate to how system calls are handled by the emulator. +- Runtime errors could be anything else happening during execution. + +Since `time.time()` is a Python function that uses the underlying system's `gettimeofday` or similar syscalls, this points towards a problem with how QEMU-aarch64 emulates these syscalls. The fact that it works correctly on real hardware and with qemu-arm indicates that the issue is specific to the aarch64 emulation in QEMU. + +Therefore, the bug is likely related to how QEMU handles certain system calls when running in aarch64 mode. This suggests it's a syscall-related issue. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/263 b/results/classifier/deepseek-r1:32b/reasoning/syscall/263 new file mode 100644 index 000000000..cdcb5ac8b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/263 @@ -0,0 +1,19 @@ +<think> +Okay, so I need to classify this bug report about QEMU. The user says that readdir() returns NULL with errno=EOVERFLOW when running a 32-bit user-static QEMU on a 64-bit host. + +First, I'll try to understand what's happening here. QEMU is an emulator, and in this case, it's emulating a 32-bit environment on a 64-bit host system. The issue arises when using readdir(), which is a system call used to read directory entries. + +The error EOVERFLOW typically occurs when there's an overflow situation. In the context of readdir(), this might happen if the buffer provided by the application isn't large enough, or perhaps due to some mismatch in how directories are handled between 32-bit and 64-bit systems. + +Now, looking at the categories: instruction, syscall, runtime. + +- Instruction issues involve problems with specific CPU instructions. +- Syscall errors relate to system calls like read, write, open, etc., which interact directly with the kernel. +- Runtime errors are other issues that occur during execution but aren't tied to a specific instruction or system call. + +In this case, the problem is occurring when making a system call (readdir()), so it's likely a syscall issue. The EOVERFLOW suggests something went wrong in how the system call was handled by QEMU, perhaps related to how it translates 32-bit syscalls on a 64-bit host. + +I don't think it's an instruction-level problem because the error is specific to a system function and not tied directly to executing a particular CPU instruction. It also doesn't seem like a general runtime error since it's clearly linked to a system call failure. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/2825 b/results/classifier/deepseek-r1:32b/reasoning/syscall/2825 new file mode 100644 index 000000000..2335b30de --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/2825 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to classify this bug report as part of QEMU. The user mentioned that when using execveat with an empty filename and AT_EMPTY_PATH flag on different architectures like arm64, arm, riscv64, etc., it returns ENOENT (No such file or directory). However, for x86_64 and x86, it works fine. + +First, I need to understand what's happening here. execveat is a system call that allows executing a program from a file descriptor. The AT_EMPTY_PATH flag tells the kernel that the filename is empty, meaning the path comes from the file descriptor provided. On some architectures, this isn't working as expected. + +The user also mentioned using binfmt_misc which is used to register interpreters for different binary formats (like QEMU for running foreign binaries). When binfmt_misc is enabled, it allows these foreign binaries to run by translating them on-the-fly. + +Looking at the test cases: +- For x86_64 and x86, everything works fine when using execveat with AT_EMPTY_PATH. +- For other architectures (aarch64, riscv64), it fails with ENOENT when using AT_EMPTY_PATH but works if they use /proc/self/fd/%d as the pathname. + +The error seems to be happening in how the system call is handled for different architectures. Since execveat is a syscall and this behavior varies across architectures, especially when using QEMU's binfmt_misc setup, it points towards an issue with how the system handles foreign binaries or specific syscalls under QEMU. + +The possible categories given are instruction, syscall, runtime. The problem here isn't about faulty instructions in the code (so not 'instruction'). It also doesn't seem to be a general runtime error unrelated to system calls. Instead, it's specifically about the execveat system call failing under certain conditions when running different architectures with QEMU. + +Therefore, this bug falls under the 'syscall' category because it's related to how the execveat system call is being handled or emulated by QEMU for foreign architectures. +</think> + +The issue arises from how the `execveat` system call is being processed for different architectures within QEMU. The error occurs specifically when using this syscall with an empty path and AT_EMPTY_PATH flag, which works for some arches but not others. This indicates a problem in handling syscalls across various architectures. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/306 b/results/classifier/deepseek-r1:32b/reasoning/syscall/306 new file mode 100644 index 000000000..3c6495136 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/306 @@ -0,0 +1,9 @@ +<think> +Alright, let me try to figure out how to classify this bug report. The issue mentions an option to constrain the Linux-user exec() function to run on an emulated CPU only. I know that in QEMU, the user mode emulation (Linux-user) allows running binaries for different architectures natively without full VMs. + +The problem here seems related to how the exec() system call is handled when using this feature. Since it's about constraining execution to the emulated CPU, it likely deals with how syscalls are processed or intercepted in the user mode emulator. + +Looking at the categories: instruction issues relate to handling specific CPU instructions, syscall relates to errors in how system calls are managed, and runtime covers other runtime errors. This bug is more about controlling where exec() runs, which involves syscalls being handled by the emulator. Therefore, it's a syscall-related issue. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/324 b/results/classifier/deepseek-r1:32b/reasoning/syscall/324 new file mode 100644 index 000000000..5df76f862 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/324 @@ -0,0 +1,13 @@ +<think> +Okay, so I have this bug report that says "chrome based apps can not be run under qemu user mode." I need to classify it into one of three categories: instruction, syscall, or runtime. + +First, let me understand each category. Instruction issues involve problems with specific machine instructions not working correctly in QEMU. Syscall errors are related to system calls failing when using QEMU. Runtime errors are other types of problems that occur during the execution. + +The bug report mentions Chrome-based apps not running under qemu user mode. I know Chrome is a browser, but it's also used as a runtime for applications through technologies like NW.js or Electron. These apps run on top of Chrome's engine and use various system calls to function properly. + +So if Chrome-based apps aren't working in QEMU user mode, the issue might be related to how system calls are handled within that environment. Perhaps certain syscalls required by these applications aren't being correctly translated or emulated by QEMU. This would mean it's a syscall-related problem because the apps rely on specific interactions with the system that aren't functioning as expected in QEMU. + +I don't think it's an instruction issue because the problem isn't about executing a particular CPU instruction failing, but rather about applications not running properly, which is more about how they interact with the system. It also doesn't seem like a general runtime error unless all apps are failing, but since it's specifically Chrome-based, it points towards syscalls. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/326 b/results/classifier/deepseek-r1:32b/reasoning/syscall/326 new file mode 100644 index 000000000..651460a37 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/326 @@ -0,0 +1,21 @@ +<think> +Okay, so I need to classify this bug report about QEMU-user ignoring MADV_DONTNEED. Hmm, let's break it down. + +First, what is QEMU? It's an emulator used for running virtual machines and other emulated environments. So QEMU-user would be a user-space part of that, maybe related to process emulation or something like that. + +Now, MADV_DONTNEED is a memory advice hint in Linux. When you call madvise with MADV_DONTNEED, it tells the kernel that a certain memory region won't be used for a while and can be discarded if necessary. It's often used to free up memory pressure by allowing the system to drop pages. + +The bug report says that QEMU-user is ignoring this MADV_DONTNEED. So when someone uses madvise with MADV_DONTNEED on some memory, QEMU isn't respecting that and either doesn't pass it along or doesn't handle it correctly. + +Now, looking at the categories: instruction, syscall, runtime. The issue here is about a system call (madvise) not being handled properly by QEMU-user. So it's related to how syscalls are processed in the emulator. + +Wait, but could this be an instruction-level problem? Probably not, because MADV_DONTNEED isn't an instruction; it's part of the syscall interface. The issue is that when a process running under QEMU makes a madvise call with MADV_DONTNEED, QEMU doesn't handle it as expected. That sounds like a syscall error. + +Alternatively, if the problem was with how QEMU handles memory in its runtime operations, maybe it's a runtime error. But since it's specifically about the MADV_DONTNEED advice not being honored, which is part of the madvise system call, I think it falls under the syscall category. + +So, putting it all together, the bug report is about an issue with how QEMU handles a specific system call (madvise with MADV_DONTNEED), so the classification should be 'syscall'. +</think> + +The bug report concerns an issue where QEMU-user does not properly handle the `MADV_DONTNEED` advice provided by the `madvise` system call. This indicates that the problem lies in how the system call is processed within the emulator. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/356 b/results/classifier/deepseek-r1:32b/reasoning/syscall/356 new file mode 100644 index 000000000..28f546bae --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/356 @@ -0,0 +1,21 @@ +<think> +Okay, so I need to classify this bug report about QEMU Linux-user not translating host/target data for iovec I/O into one of three categories: instruction, syscall, or runtime. Let me think through this step by step. + +First, the issue is related to how QEMU handles I/O operations using iovec (input/output vector) when running in user mode. Specifically, it's not translating the host and target data properly. I know that in QEMU, especially when dealing with user-mode emulation, there's a lot of context switching between the host and target environments. + +IOVEC is used for performing multiple input or output operations in a single call, which can be more efficient than making multiple syscalls. So, if the translation isn't happening correctly, it could cause problems during I/O operations. + +Now, looking at the categories: + +- **Instruction**: This would involve issues with specific CPU instructions not being handled properly by QEMU's emulator. +- **Syscall**: This relates to errors in how system calls are emulated or translated between the host and target environments. +- **Runtime**: This is for other runtime errors that don't fall into the above two categories. + +The problem here isn't about an instruction being faulty but rather about data translation during I/O operations. Since iovec involves handling multiple buffers, it's part of how system calls are managed. The issue likely arises when QEMU doesn't correctly translate the iovec structures between the host and target environments, which would affect syscalls like readv or writev. + +So, considering that this is about data translation during I/O syscalls, it fits under **syscall** errors because it's related to how system calls are handled and translated in QEMU. +</think> + +The bug report concerns incorrect data translation for iovec I/O operations in QEMU Linux-user, which affects the handling of system calls. Therefore, the classification is: + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/456 b/results/classifier/deepseek-r1:32b/reasoning/syscall/456 new file mode 100644 index 000000000..50a173a84 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/456 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU hanging after encountering an error related to the futex function. The user provided some details, including steps to reproduce and strace outputs. + +First, let's break down what's happening. When running Valheim dedicated server under QEMU User mode on x86_64, it hangs with a specific futex call. The strace shows that the futex function returns an error because it's not implemented (errno=38). Then, when they send a SIGINT (like pressing Ctrl+C), another futex call is interrupted. + +The steps to reproduce involve installing SteamCMD, updating to Valheim server, and running under QEMU. The issue occurs on both Raspberry Pi ARM64 with Ubuntu and Fedora x86_64 with a custom-built QEMU. + +Looking at the possible categories: instruction, syscall, runtime. + +- Instruction issues are about incorrect instructions or assembly code. +- Syscall errors involve system calls failing or not being handled properly. +- Runtime errors are other runtime-related issues that don't fall into the first two. + +In this case, the problem is related to a system call (futex) returning an error because it's not implemented. QEMU is supposed to emulate these syscalls for user-mode programs. If QEMU doesn't handle futex correctly, that would be a syscall implementation issue within QEMU. + +So, the bug seems to be in how QEMU handles certain syscalls, specifically futex. Therefore, this falls under the 'syscall' category. +</think> + +The issue is related to QEMU's handling of the futex system call, which isn't implemented correctly. This causes the program to hang and respond incorrectly when interrupted. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/470 b/results/classifier/deepseek-r1:32b/reasoning/syscall/470 new file mode 100644 index 000000000..d32a53211 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/470 @@ -0,0 +1,21 @@ +<think> +Okay, so I'm trying to classify this bug report about QEMU's Linux-user mode. The issue mentioned is that it requires read permissions on memory passed to syscalls when it should only need write access. Hmm, let me break this down. + +First, I know that QEMU has a user-mode emulation for running unmodified Linux binaries on different architectures. It interacts with the host system by translating syscalls. Now, the problem here is about memory permissions during these syscalls. + +The bug says that QEMU is requesting read access when it should only need write access. So, perhaps when certain syscalls are made, QEMU's translator incorrectly marks the memory as needing to be readable, even though thesyscall itself only needs to modify (write) that memory. + +I'm thinking about how syscalls work. When a process makes a syscall, it often passes pointers to data structures or buffers. The kernel then uses these pointers to read from or write to user space memory. If the host's QEMU is enforcing read permissions when it should only need write, this could cause issues like incorrect memory access checks or even crashes. + +Looking at the possible categories: instruction, syscall, runtime. + +- Instruction would relate to an issue with how a specific CPU instruction is handled. +- Syscall category would be about problems during system call handling. +- Runtime refers to other errors happening while running the program. + +In this case, the problem arises when making syscalls because of incorrect memory permission checks. So it seems related to how QEMU handles the syscalls and their associated memory accesses. Therefore, the bug is likely a syscall-related issue rather than an instruction error or a general runtime problem. + +I think the correct category here is "syscall" because it's about the way QEMU interacts with system calls and how it manages the permissions on the memory passed to them. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/577 b/results/classifier/deepseek-r1:32b/reasoning/syscall/577 new file mode 100644 index 000000000..12838299a --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/577 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report about QEMU. Let me read through it again carefully. + +The problem is that when using `getdtablesize()` in user mode on Linux/alpha, the function returns a value that's too large. The user describes that `getdtablesize() - 1` should be a valid file descriptor but isn't. They provided steps to reproduce: compiling a specific C program with alpha-linux-gnu-gcc-10 and running it both directly on a Linux/alpha machine (where it works) and through QEMU, where it fails. + +From the expected result, when run on the actual machine, it returns 0, but in QEMU, it returns 1. So something's wrong with how QEMU is handling this function call. + +Now, looking at possible categories: instruction, syscall, runtime. + +The issue isn't about a faulty CPU instruction because it's more about system calls and resource limits. It doesn't seem like the problem lies in executing an incorrect machine instruction. + +Next, considering if it's a syscall error. `getdtablesize()` is related to the maximum number of open files allowed. So when running under QEMU user mode, maybe the emulation isn't correctly handling this system call. If QEMU misreports the descriptor table size, that would be a problem with how syscalls are being handled. + +Runtime errors usually involve issues during execution other than instructions or syscalls, like memory management or threading. But here, it's specifically about the return value of `getdtablesize()`, which points more towards system call handling. + +So I think this is a syscall issue because QEMU isn't accurately emulating the behavior of `getdtablesize()` as expected in the user mode environment. +</think> + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/578 b/results/classifier/deepseek-r1:32b/reasoning/syscall/578 new file mode 100644 index 000000000..185e46604 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/578 @@ -0,0 +1,15 @@ +<think> +Alright, let's try to figure out what category this bug falls into. The user mentioned that when running their program using QEMU in user mode on Linux/sparc64, they encounter an error where `getdomainname()` is not implemented. + +First, I need to understand the context. They're compiling a C program that uses `getdomainname()`, and when executing it under QEMU, instead of getting "(none)", they get an error saying the function isn't implemented. + +Looking at the problem description, the issue arises during the execution of the compiled binary within QEMU. The error message is about a missing implementation of a specific system call. So, `getdomainname()` is a system call that's supposed to retrieve the domain name of the host machine. + +In this case, since the function isn't implemented in QEMU's user mode on Linux/sparc64, it seems like a syscall is failing because QEMU doesn't handle it correctly. The error occurs at runtime when the program tries to execute `getdomainname()`, leading to the problem being related to system calls. + +So, categorizing this, it's not about an instruction or a compile-time issue but rather an error during execution related to how the system call is handled by QEMU. Therefore, this bug falls under the 'syscall' category because it's directly tied to the implementation of a specific system call within the emulator. +</think> + +The bug report describes an issue where the `getdomainname()` system call is not implemented in QEMU's user mode for Linux/sparc64. This relates to how system calls are handled by the emulator, leading to runtime errors when executing code that uses this function. + +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/579 b/results/classifier/deepseek-r1:32b/reasoning/syscall/579 new file mode 100644 index 000000000..9abd4cd89 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/579 @@ -0,0 +1,23 @@ +<think> +Okay, so I'm trying to figure out how to classify this bug report related to QEMU. Let me start by reading through the problem description carefully. + +The issue is that the `chown()` function fails when it should succeed in QEMU user mode on a Linux/sparc64 system. The steps provided outline how to reproduce the problem, which involves compiling and running a specific program both natively and under QEMU. + +From what I understand, `chown()` is a system call used to change the ownership of a file. So when it's failing in QEMU but works normally outside of it, it suggests that there's something different about how QEMU handles this particular system call or perhaps how it interacts with the environment. + +Looking at the steps, they involve setting up a cross-compile environment and then running the test program both natively and under QEMU. The native run succeeds (returns 0), but when using QEMU, `chown()` fails with "Operation not permitted" and returns an error code of 1. + +Now, considering the possible categories: instruction, syscall, runtime. + +- **Instruction**: This would relate to a specific CPU instruction being faulty or mishandled by QEMU. But in this case, the problem seems related to file permissions and system calls rather than any particular instruction execution. + +- **Syscall**: Since `chown()` is a system call, if it's failing under QEMU, it might be that QEMU isn't properly handling this syscall or there's an issue with how it's being emulated. This seems like the most likely category because the problem occurs when making a specific system call. + +- **Runtime**: This would cover other runtime errors not related to instructions or syscalls. But since `chown()` is failing, which directly relates to a system call implementation, this doesn't seem as fitting. + +So putting it together, the issue is about how QEMU handles the `chown()` system call in user mode on Linux/sparc64. It's not an instruction-level problem or a general runtime error but rather an issue with the syscall handling. +</think> + +The bug report describes an issue where the `chown()` system call fails under QEMU, which suggests a problem with how QEMU emulates this system call. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/654 b/results/classifier/deepseek-r1:32b/reasoning/syscall/654 new file mode 100644 index 000000000..e5f161d4b --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/654 @@ -0,0 +1,25 @@ +<think> +Okay, so I need to classify this bug report about QEMU's strace log output getting mangled. The user provided a detailed description and some code snippets. Let me break it down step by step. + +First, the problem is that when using strace logging in QEMU, the syscall entries aren't being printed atomically. That means parts of a single syscall log can be interrupted by other logs, making them hard to parse. For example, the mmap syscalls are getting split up because another part of the code (like page logging) writes to the log file in between. + +Looking at the steps to reproduce: running a dynamically linked binary or one that uses mmaps causes this issue. The user attached an example log where the mmap entries are interrupted. + +The user believes the bug is due to two main reasons: +1. In `linux-user/syscall.c`, the strace syscall entry isn't output all at once but split into two parts—`print_syscall` and `print_syscall_ret`. These functions call `qemu_log` multiple times, which can allow other log messages to interleave. +2. For mmap syscalls specifically, `log_page_dump` is called between these two print functions, causing the mangled output. + +They also mention that inside `qemu_log`, the logfile lock is obtained and released each time. This means there's a possibility of another thread writing to the log file while a syscall entry is being printed across multiple `qemu_log` calls. + +Now, classifying this bug into one of the categories: instruction, syscall, or runtime. + +- Instruction: Relates to faulty instructions, like wrong assembly or code execution. Doesn't fit here because it's about logging, not executing instructions. +- Syscall: Issues directly with system calls. This seems relevant since the problem occurs during strace logging of syscalls. +- Runtime: Other runtime errors. While this is a runtime issue, the specific problem relates to how syscalls are logged. + +The main issue is that the syscall logs are being interrupted, which affects the integrity of the log output for syscalls. Therefore, it's more accurately classified under 'syscall' because it pertains directly to the logging mechanism of system calls. +</think> + +The bug report deals with the improper logging of system call entries in QEMU's strace output, specifically when syscalls like mmap are interrupted by other log messages. This issue is rooted in how syscall logs are split across multiple non-atomic `qemu_log` calls, allowing interleaving from other parts of the code. + +**syscall** \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/690 b/results/classifier/deepseek-r1:32b/reasoning/syscall/690 new file mode 100644 index 000000000..020873453 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/690 @@ -0,0 +1,23 @@ +<think> +Okay, so I need to classify this bug report into one of three categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue is that when running 32-bit qemu-arm-static on an x86_64 host with versions 5.1 and later, GCC fails because it can't allocate a memory range for the guest. The error message is "Allocating guest commpage: Operation not permitted." This problem doesn't happen in QEMU version 5.0, so something changed between 5.0 and 5.1 that introduced this bug. + +The user mentions that this isn't reproducible on all systems—it's happening on Arch Linux and some Debian setups but not others. They also note that the sysctl parameter `vm.mmap_min_addr` affects the outcome. Depending on its value, the error changes or doesn't occur at all. + +Looking into the steps to reproduce, they built a Docker container and ran GCC inside using the older QEMU version 50. The problem arises when trying to allocate memory in the guest space, which suggests it's related to how QEMU is handling memory mappings or syscalls. + +The error message mentions "Operation not permitted," which often relates to permissions issues, possibly during a system call like mmap. Since the issue occurs at runtime and involves memory allocation within the guest environment, it seems like this isn't an instruction-level problem but rather something happening during execution, likely related to how QEMU interacts with the host's kernel when making certain syscalls. + +So, considering the categories: + +- Instruction: Not applicable because there's no mention of a specific CPU instruction causing the issue. +- Syscall: Possible since it involves memory allocation (mmap) and permissions. The error could be due to changes in how QEMU handles these syscalls across different versions or configurations. +- Runtime: Also possible, as the problem occurs during runtime when trying to allocate guest memory. + +But given that the problem is tied to kernel parameters like `vm.mmap_min_addr` and involves a syscall returning an error related to permissions, it's more likely a syscall issue. The underlying cause seems to be how QEMU or the host handles these syscalls in newer versions. +</think> + +The bug report indicates issues with memory allocation during runtime, specifically when trying to allocate guest memory via mmap syscalls. This points to a problem with system calls and their handling. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/836 b/results/classifier/deepseek-r1:32b/reasoning/syscall/836 new file mode 100644 index 000000000..463ecdb26 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/836 @@ -0,0 +1,37 @@ +<think> +Okay, so I'm trying to figure out what's causing this issue where the lseek() system call returns -14 (EFAULT) when using QEMU-riscv32. Let me go through my understanding step by step. + +First, from the code provided, the user is making a series of system calls: openat, lseek, close, and exit. The problem arises specifically with the lseek() call, which returns an error code -14, indicating an EFAULT. According to the man page for lseek(), this error typically happens when there's an invalid pointer or something wrong with the arguments passed. + +Looking at the code: + +- They use SYS_OPENAT correctly, opening a file and checking if the file descriptor (s0) is valid. That part works because the error checks after openat don't fail. +- Then they call lseek() with s0 as the file descriptor, 0 as the offset, and SEEK_CUR for the whence parameter. The expectation here is that it should return the current position in the file, which shouldn't cause an error. + +But it does, returning -14. Now, I'm thinking about what could cause EFAULT in this context. One possibility is that the system call arguments are being passed incorrectly. In RISC-V, system calls use specific registers: a0 to a7 for parameters and a7 for the syscall number. + +Wait, looking at how lseek() is set up: + +- a7 holds SYS_LSEEK (0x3e). +- a0 is s0 (the file descriptor), which was correctly obtained from openat. +- a1 is 0, the offset. That seems fine. +- a2 is SEEK_CUR (1), so the whence parameter. + +Hmm, but in some systems, the lseek() system call might have more parameters or require different registers. Alternatively, maybe QEMU isn't handling this correctly for RISC-V 32-bit. Maybe there's an issue with how the arguments are passed or how the syscall is implemented in QEMU. + +I should check thesyscall definitions to ensure that the parameters are correct. According to the code comments, the syscall numbers come from riscv-pk. Let me confirm the parameters for lseek() on RISC-V. + +In many architectures, lseek has three arguments: fd, offset, whence. So the setup here seems correct. But perhaps there's a mismatch in how QEMU implements this syscall for 32-bit RISC-V. + +Another thought is whether the file descriptor s0 is indeed valid when passed to lseek(). The user says it's correct because the openat() call succeeds and the error check passes, so that shouldn't be the issue. + +Is there a chance that the system call itself isn't implemented correctly in QEMU? Maybe the lseek() syscall handler in QEMU has a bug that causes it to return EFAULT under certain conditions. Or perhaps there's an issue with how the registers are handled during the syscall, leading to incorrect argument interpretation. + +I should also consider if the code is compiling and running as expected. The user provided assembly code, which compiles without issues, so the problem isn't in the code but in the environment it's running on—specifically QEMU. + +In summary, the issue is likely related to how the lseek() system call is handled by QEMU for RISC-V32, possibly due to incorrect argument handling or a bug in the syscall implementation. This would classify the problem under the 'syscall' category because it's an error occurring during a system call execution. +</think> + +The problem is classified as a `syscall` issue because the lseek() system call returns an unexpected error code (EFAULT) when executed within QEMU-riscv32, indicating an error related to how the system call is handled. + +**Answer:** syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/871 b/results/classifier/deepseek-r1:32b/reasoning/syscall/871 new file mode 100644 index 000000000..b5c30e6a0 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/871 @@ -0,0 +1,19 @@ +<think> +Okay, so I'm trying to figure out why `qemu-x86_64` isn't supporting `unshare(CLONE_NEWUSER)`. Let me start by understanding what each command does. + +When I run `/bin/unshare --user /bin/bash`, it works fine. That means my system supports the `CLONE_NEWUSER` namespace without any issues. So the problem isn't with my host system but specifically when using QEMU. + +I read that `qemu-x86_64` is a binary translator used by QEMU to run 64-bit x86 applications on different architectures or for performance reasons. But why would it fail here? + +The error message says "unshare failed: Invalid argument". That suggests something about the arguments passed isn't correct, but since the same command works without QEMU, it's more likely an issue with how QEMU handles the `unshare` system call. + +I know that namespaces in Linux are created using `clone()` or `unshare()`, and `CLONE_NEWUSER` is a flag for user namespaces. Maybe QEMU doesn't properly handle this flag when translating the syscalls, leading to the error. + +Looking into possible categories: it's not an instruction issue because the command itself works outside of QEMU. It's also not a runtime issue in the traditional sense since the problem is specific to how QEMU processes the system call. Therefore, it must be related to how `unshare` is implemented within QEMU—probably a missing or incorrect handling of the `CLONE_NEWUSER` flag. + +So this falls under a syscall error because QEMU isn't correctly processing the `unshare` system call with that specific flag. +</think> + +The issue arises because QEMU's implementation doesn't correctly handle the `unshare` system call with the `CLONE_NEWUSER` flag, leading to an invalid argument error. + +**Answer:** The category is "syscall". \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/885 b/results/classifier/deepseek-r1:32b/reasoning/syscall/885 new file mode 100644 index 000000000..bd0ae7402 --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/885 @@ -0,0 +1,19 @@ +<think> +Okay, so I need to classify this bug report about QEMU into one of three categories: instruction, syscall, or runtime. Let's break it down step by step. + +The bug report mentions that when using `getsockopt` on `SO_RCVTIMEO_NEW` and `SO_SNDTIMEO_NEW`, an unexpected `int` is written. I remember that `getsockopt` is a system call used in socket programming to get various socket options. So this seems related to how the system handles these specific socket options. + +Looking at the categories: +- "instruction" would relate to issues with specific CPU instructions, which doesn't seem relevant here. +- "syscall" deals with errors occurring during system calls, which fits because `getsockopt` is a syscall and there's an issue with it. +- "runtime" covers other runtime errors, but since this specifically mentions a syscall, it's more precise. + +So the bug is likely related to how QEMU handles these socket options via syscalls. Therefore, the category should be 'syscall'. +</think> + +The bug involves issues with system calls (`getsockopt`), so the appropriate category is: + +**syscall** + +Answer: +syscall \ No newline at end of file diff --git a/results/classifier/deepseek-r1:32b/reasoning/syscall/927 b/results/classifier/deepseek-r1:32b/reasoning/syscall/927 new file mode 100644 index 000000000..3631ffb9d --- /dev/null +++ b/results/classifier/deepseek-r1:32b/reasoning/syscall/927 @@ -0,0 +1,23 @@ +<think> +Okay, so I need to classify this bug report into one of the three categories: instruction, syscall, or runtime. Let me read through the problem description carefully. + +The issue is about the `open("/proc/self/exe", ...)` function returning a closed file descriptor when QEMU-user is used as an interpreter with a file descriptor passed via the `AT_EXECFD` auxval. From what I understand, when this happens, QEMU's initialization process closes the file descriptor before it's returned to the user program. + +Looking at the steps provided: The program opens `/proc/self/exe` and `/dev/null`, then prints their descriptors. Normally, in a Docker container on an arm64 Mac using qemu-user, this outputs two valid descriptors. But if QEMU is involved with `AT_EXECFD`, it seems like the file descriptor for `/proc/self/exe` becomes invalid because it's closed. + +The problem arises in how QEMU handles loading the ELF binary. It uses the provided file descriptor but then closes it before returning, which affects subsequent operations when the user program tries to use that descriptor again. + +Now, thinking about the categories: + +- Instruction would involve a specific CPU instruction causing issues. +- Syscall relates to system call handling or errors in syscalls. +- Runtime covers other runtime errors not related to instructions or syscalls. + +This issue is specifically about how QEMU handles file descriptors during process execution and returns them via `openat`. It's more about the system calls and how they're managed, especially around opening files and handling their descriptors. The problem occurs in the context of syscalls like openat, which makes me think it's a syscall-related issue. + +So, I'd categorize this as a **syscall** bug because it involves incorrect behavior with file descriptors returned from `open`, specifically within QEMU's handling of system calls. +</think> + +The bug report describes an issue where the `open` system call returns a closed file descriptor in certain conditions when using QEMU-user. This relates to how the system call is handled and the file descriptors are managed. + +**Answer:** syscall \ No newline at end of file |